ci: harden rsync-ssl socat fake helpers

The regression test honestly skips when it cannot force the receiver's
output mkstemp() to fail -- as root (root bypasses DAC) and on Cygwin
(chmod 0555 does not deny the owner a write). The ubuntu, ubuntu-22.04,
almalinux and macOS jobs run `make check` as root, and Cygwin can't
enforce the unwritable directory, so the test skips on all of them.
runtests.py fails a run on any skip-set mismatch, so add the test to
those jobs' RSYNC_EXPECT_SKIPPED lists; the BSD/Solaris jobs run as root
too but enforce no expected-skip set, so they need no change.

Also tighten the pass condition. The post-chmod writability probe already
guarantees the receiver discards (mkstemp must fail), so an exit 0 would
mean the file actually transferred and the discard path was never
exercised -- a silent false-pass. Require exactly exit 23 (the forced
discard leaves the file untransferred); 12 remains the pre-fix crash.

.gitattributes

@@ -0,0 +1,17 @@
+* text=auto eol=lf
+
+# The rsync-web/ subdirectory holds the project website source content
+# (mirrors what gets pushed to https://rsync.samba.org).  Exclude it from
+# `git archive` output so the release source tarball produced by
+# packaging/release.py step_7_tarball does not bloat with HTML the
+# tarball doesn't need.
+/rsync-web/ export-ignore
+
+# old_versions/ holds static binaries of historical rsync releases, used by the
+# version-mixing test suite (.github/workflows/ubuntu-version-mix.yml) to run
+# the current code against a real old peer over the daemon / remote-shell.
+# Mark the binaries as binary so the `text=auto eol=lf` rule above can't try to
+# normalise line endings and corrupt them; export-ignore keeps them out of the
+# release source tarball.
+/old_versions/rsync_* binary
+/old_versions/rsync_* export-ignore

.github/workflows/actionlint.yml

@@ -0,0 +1,43 @@
+name: Lint GitHub Actions workflows
+
+# Static-check the workflow YAML with rhysd/actionlint.  Catches missing
+# secrets, bad expressions, expression-type errors, unsupported runner
+# images, and (via embedded shellcheck) common pitfalls in `run:` scripts.
+# Trigger only on changes under .github/workflows/ so the rest of the
+# matrix isn't billed when nothing here moves.
+
+on:
+  push:
+    branches: [ master ]
+    paths:
+      - '.github/workflows/*.yml'
+      - '.github/actionlint.yaml'
+      - '.github/actionlint.yml'
+  pull_request:
+    branches: [ master ]
+    paths:
+      - '.github/workflows/*.yml'
+      - '.github/actionlint.yaml'
+      - '.github/actionlint.yml'
+
+permissions:
+  contents: read
+
+jobs:
+  actionlint:
+    runs-on: ubuntu-latest
+    name: actionlint
+    steps:
+      - uses: actions/checkout@v4
+      - name: install actionlint
+        # Pin a version so this job is reproducible; bump deliberately.
+        # The download script verifies a SHA256 of the release tarball.
+        run: |
+          bash <(curl --proto '=https' --tlsv1.2 -fsSL \
+              https://raw.githubusercontent.com/rhysd/actionlint/main/scripts/download-actionlint.bash) \
+              1.7.12
+          echo "$PWD" >>"$GITHUB_PATH"
+      - name: actionlint --version
+        run: actionlint -version
+      - name: actionlint .github/workflows/*.yml
+        run: actionlint -color

.github/workflows/almalinux-8-build.yml

@@ -0,0 +1,83 @@
+name: Test rsync on AlmaLinux 8
+
+# Older-LTS coverage on the Fedora/RHEL family to help with backporting
+# security fixes. AlmaLinux 8 is the RHEL 8 rebuild and is the oldest
+# active LTS in this family (RHEL 8 full support runs to 2029).
+# GitHub Actions has no native runner for this family, so the job runs
+# inside an almalinux:8 container hosted on ubuntu-latest.
+
+on:
+  push:
+    branches: [ master ]
+    paths-ignore:
+      - '.github/workflows/*.yml'
+      - '!.github/workflows/almalinux-8-build.yml'
+  pull_request:
+    branches: [ master ]
+    paths-ignore:
+      - '.github/workflows/*.yml'
+      - '!.github/workflows/almalinux-8-build.yml'
+  schedule:
+    - cron: '42 8 * * *'
+
+jobs:
+  test:
+    runs-on: ubuntu-latest
+    container:
+      image: almalinux:8
+    name: Test rsync on AlmaLinux 8
+    steps:
+    - name: install git
+      # actions/checkout needs git in the container before the checkout step.
+      run: dnf -y install git
+    - uses: actions/checkout@v4
+      with:
+        fetch-depth: 0
+    - name: prep
+      # PowerTools is needed for libzstd-devel etc; xxhash and lz4 dev
+      # headers live in EPEL on RHEL 8. The default python3 on RHEL 8
+      # is 3.6, which is too old for runtests.py (uses capture_output=
+      # / text= introduced in 3.7), so install python39 and point
+      # /usr/bin/python3 at it.
+      run: |
+        dnf -y install epel-release
+        dnf config-manager --set-enabled powertools
+        dnf -y install gcc gcc-c++ make autoconf automake m4 \
+            python39 python39-pip diffutils \
+            openssl openssl-devel \
+            attr libattr-devel acl libacl-devel \
+            zstd libzstd-devel \
+            lz4 lz4-devel \
+            xxhash xxhash-devel
+        alternatives --set python3 /usr/bin/python3.9
+        pip3 install commonmark
+    - name: configure
+      run: ./configure --with-rrsync
+    - name: make
+      run: make
+    - name: info
+      run: ./rsync --version
+    - name: check
+      # In the container we already run as root, so no sudo. The
+      # crtimes-not-supported skip matches the other Linux jobs;
+      # daemon-chroot-acl and proxy-response-line-too-long skip because
+      # the default (secure) transport opens no listening socket.
+      run: RSYNC_EXPECT_SKIPPED=crtimes,daemon-access-ip,daemon-chroot-acl,proxy-response-line-too-long,recv-discard-nullderef make check
+    - name: check (TCP daemon transport)
+      # Second run exercising the real loopback-TCP daemon path.
+      run: ./runtests.py --rsync-bin="$PWD/rsync" --use-tcp -j 8
+    - name: ssl file list
+      run: ./rsync-ssl --no-motd download.samba.org::rsyncftp/ || true
+    - name: save artifact
+      uses: actions/upload-artifact@v4
+      with:
+        retention-days: 45
+        name: almalinux-8-bin
+        path: |
+          rsync
+          rsync-ssl
+          rsync.1
+          rsync-ssl.1
+          rsyncd.conf.5
+          rrsync.1
+          rrsync

.github/workflows/android-static-build.yml

@@ -0,0 +1,121 @@
+name: Build static rsync for Android
+
+# Cross-compiles statically-linked rsync binaries with the Android NDK,
+# suitable for dropping onto a phone (adb push / Termux) with no shared
+# libraries. arm64-v8a covers all modern phones; armeabi-v7a covers older
+# 32-bit devices. The binaries are uploaded as workflow artifacts.
+#
+# These are cross-compiled, so the test suite can't run here; we sanity
+# check that each binary is the right architecture, is static, and that
+# it executes (`--version`) under qemu-user.
+
+on:
+  push:
+    branches: [ master ]
+    paths-ignore:
+      - '.github/workflows/*.yml'
+      - '!.github/workflows/android-static-build.yml'
+  pull_request:
+    branches: [ master ]
+    paths-ignore:
+      - '.github/workflows/*.yml'
+      - '!.github/workflows/android-static-build.yml'
+  schedule:
+    - cron: '42 8 * * *'
+  workflow_dispatch:
+
+env:
+  # Minimum supported API level. 24 (Android 7.0) runs on every modern
+  # phone while keeping broad reach; bump if you need newer Bionic APIs.
+  ANDROID_API: 24
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    name: ${{ matrix.abi }}
+    strategy:
+      fail-fast: false
+      matrix:
+        include:
+          - abi: arm64-v8a       # modern phones
+            triple: aarch64-linux-android
+            qemu: qemu-aarch64-static
+          - abi: armeabi-v7a     # older 32-bit phones
+            triple: armv7a-linux-androideabi
+            qemu: qemu-arm-static
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - name: Install build prerequisites
+        run: sudo apt-get update && sudo apt-get install -y autoconf automake gawk qemu-user-static
+
+      - name: Configure and build (${{ matrix.abi }})
+        shell: bash
+        run: |
+          set -euo pipefail
+          NDK="${ANDROID_NDK_LATEST_HOME:-$ANDROID_NDK_ROOT}"
+          TC="$NDK/toolchains/llvm/prebuilt/linux-x86_64/bin"
+          export CC="$TC/${{ matrix.triple }}${ANDROID_API}-clang"
+          export AR="$TC/llvm-ar" RANLIB="$TC/llvm-ranlib" STRIP="$TC/llvm-strip"
+          export CFLAGS="-O2" LDFLAGS="-static"
+
+          # Bionic doesn't declare lchmod()/lutimes() until API 36, but the
+          # symbols link, so configure mis-detects them -- force them off so
+          # rsync uses its fallbacks. The other cache vars restore values
+          # that configure can't probe when cross-compiling (Android runs a
+          # normal Linux kernel, so these match the native Linux result).
+          export ac_cv_func_lchmod=no ac_cv_func_lutimes=no \
+                 rsync_cv_HAVE_SOCKETPAIR=yes \
+                 rsync_cv_MKNOD_CREATES_FIFOS=yes \
+                 rsync_cv_MKNOD_CREATES_SOCKETS=yes
+
+          # Self-contained build: drop optional external libraries so the
+          # static binary needs nothing at runtime. rsync keeps md5/md4
+          # checksums and its bundled zlib.
+          ./configure --host=${{ matrix.triple }} --build=x86_64-pc-linux-gnu \
+            --enable-ipv6 \
+            --disable-zstd --disable-lz4 --disable-xxhash --disable-openssl \
+            --disable-iconv --disable-iconv-open \
+            --disable-acl-support --disable-xattr-support \
+            --disable-md2man --disable-roll-simd \
+            --with-included-popt --with-included-zlib
+
+          # Generate the awk-built headers serially first so the parallel
+          # build can't race on proto.h <- daemon-parm.h.
+          make proto.h
+          make -j"$(nproc)" rsync
+          "$STRIP" rsync
+
+      - name: Verify binary
+        shell: bash
+        run: |
+          set -euo pipefail
+          file rsync
+          # Gate: must be a statically-linked executable (no interpreter).
+          file rsync | grep -q "statically linked"
+          if file rsync | grep -q "dynamically linked"; then
+            echo "ERROR: binary is not static" >&2; exit 1
+          fi
+          # Best-effort: confirm it actually runs under qemu-user.
+          ${{ matrix.qemu }} ./rsync --version | head -3 || \
+            echo "WARNING: qemu smoke test did not run cleanly (check on a real device)"
+
+      - name: Package
+        shell: bash
+        run: |
+          set -euo pipefail
+          VER=$(sed -n 's/.*RSYNC_VERSION "\([^"]*\)".*/\1/p' version.h)
+          out="rsync-${VER}-android-${{ matrix.abi }}"
+          mkdir -p dist
+          cp rsync "dist/$out"
+          ( cd dist && sha256sum "$out" > "$out.sha256" )
+          echo "ARTIFACT_NAME=rsync-android-${{ matrix.abi }}" >>"$GITHUB_ENV"
+
+      - name: Upload artifact
+        uses: actions/upload-artifact@v4
+        with:
+          retention-days: 45
+          name: ${{ env.ARTIFACT_NAME }}
+          path: dist/

.github/workflows/ccpp.yml

@@ -1,31 +0,0 @@
-name: build
-
-on:
-  push:
-    branches: [ master ]
-  pull_request:
-    branches: [ master ]
-
-jobs:
-  build:
-
-    runs-on: ubuntu-20.04
-
-    steps:
-    - uses: actions/checkout@v2
-    - name: prepare-packages
-      run: sudo apt-get install fakeroot acl libacl1-dev attr libattr1-dev liblz4-dev libzstd-dev libxxhash-dev python3-cmarkgfm
-    - name: prepare-source
-      run: ./prepare-source
-    - name: configure
-      run: ./configure --with-included-popt --with-included-zlib
-    - name: make
-      run: make
-    - name: version-summary
-      run: ./rsync --version
-    - name: make check
-      run: make check
-    - name: make check30
-      run: make check30
-    - name: make check29
-      run: make check29

.github/workflows/coverage.yml

@@ -0,0 +1,72 @@
+name: Coverage (Ubuntu)
+
+on:
+  push:
+    branches: [ master ]
+    paths-ignore:
+      - '.github/workflows/*.yml'
+      - '!.github/workflows/coverage.yml'
+  pull_request:
+    branches: [ master ]
+    paths-ignore:
+      - '.github/workflows/*.yml'
+      - '!.github/workflows/coverage.yml'
+  schedule:
+    - cron: '42 9 * * *'
+  workflow_dispatch:
+
+jobs:
+  coverage:
+    runs-on: ubuntu-latest
+    name: gcov coverage
+    steps:
+    - uses: actions/checkout@v4
+      with:
+        fetch-depth: 0
+    - name: prep
+      run: |
+        sudo apt-get update
+        sudo apt-get install -y acl libacl1-dev attr libattr1-dev liblz4-dev libzstd-dev libxxhash-dev python3-cmarkgfm openssl gcovr
+        echo "/usr/local/bin" >>"$GITHUB_PATH"
+    - name: configure
+      run: ./configure --enable-coverage --with-rrsync
+    - name: make
+      run: make
+    - name: info
+      run: rsync --version
+    # Two coverage runs: the default pipe transport, then a second pass over a
+    # real loopback rsyncd (--use-tcp) which also exercises the require_tcp-only
+    # tests. gcovr's --print-summary line/branch/decision totals go to the step
+    # log (and the job summary below), so the numbers are visible in CI.
+    # `make coverage` exits with the suite's status, so a regression fails CI.
+    - name: coverage (pipe transport)
+      run: |
+        set -o pipefail
+        sudo make coverage 2>&1 | tee cov-pipe.log
+    - name: coverage (TCP transport)
+      run: |
+        set -o pipefail
+        sudo make coverage-tcp 2>&1 | tee cov-tcp.log
+    - name: coverage summary
+      if: always()
+      run: |
+        {
+          echo "## gcov coverage"
+          echo "### Pipe transport (\`make coverage\`)"
+          echo '```'
+          grep -E '^(lines|functions|branches|decisions):' cov-pipe.log || echo '(no summary -- see step log)'
+          echo '```'
+          echo "### TCP transport (\`make coverage-tcp\`)"
+          echo '```'
+          grep -E '^(lines|functions|branches|decisions):' cov-tcp.log || echo '(no summary -- see step log)'
+          echo '```'
+        } >> "$GITHUB_STEP_SUMMARY"
+    - name: upload HTML reports
+      if: always()
+      uses: actions/upload-artifact@v4
+      with:
+        retention-days: 45
+        name: coverage-html
+        path: |
+          coverage
+          coverage-tcp

.github/workflows/cygwin-build.yml

@@ -0,0 +1,68 @@
+name: Test rsync on Cygwin
+
+on:
+  push:
+    branches: [ master ]
+    paths-ignore:
+      - '.github/workflows/*.yml'
+      - '!.github/workflows/cygwin-build.yml'
+  pull_request:
+    branches: [ master ]
+    paths-ignore:
+      - '.github/workflows/*.yml'
+      - '!.github/workflows/cygwin-build.yml'
+  schedule:
+    - cron: '42 8 * * *'
+
+jobs:
+  test:
+    runs-on: windows-2022
+    name: Test rsync on Cygwin
+    steps:
+    - uses: actions/checkout@v4
+      with:
+        fetch-depth: 0
+    - name: cygwin
+      run: choco install -y --no-progress cygwin cyg-get
+    - name: prep
+      run: |
+        cyg-get make autoconf automake gcc-core attr libattr-devel python39 python39-pip libzstd-devel liblz4-devel libssl-devel libxxhash0 libxxhash-devel
+        echo "C:/tools/cygwin/bin" >>$Env:GITHUB_PATH
+    - name: commonmark
+      run: bash -c 'python3 -mpip install --user commonmark'
+    - name: configure
+      run: bash -c './configure --with-rrsync'
+    - name: make
+      run: bash -c 'make'
+    - name: install
+      run: bash -c 'make install'
+    - name: info
+      run: bash -c '/usr/local/bin/rsync --version'
+    - name: check
+      # chown-fake / devices-fake / xattrs / xattrs-hlink now RUN on Cygwin
+      # (rsyncfns.py drives xattrs via getfattr/setfattr from the `attr`
+      # package installed above), verified on a real Cygwin host. The real
+      # chown/devices tests still skip (need root/mknod), as do the
+      # RESOLVE_BENEATH symlink-race tests.  symlink-dirlink-basis also now
+      # RUNS (the #915 non-daemon basis open uses a plain do_open, restoring
+      # following an in-tree dir-symlink basis without RESOLVE_BENEATH).
+      run: bash -c 'RSYNC_EXPECT_SKIPPED=acls-default,acls-depth,acls,bare-do-open-symlink-race,chdir-symlink-race,chown,daemon-access-ip,daemon-chroot-acl,devices,dir-sgid,open-noatime,protected-regular,proxy-response-line-too-long,recv-discard-nullderef,sender-flist-symlink-leak,simd-checksum make check'
+    - name: check (TCP daemon transport)
+      # Second run with daemon tests over a real loopback rsyncd; the default
+      # 'make check' above uses the secure stdio-pipe transport.
+      run: bash -c './runtests.py --rsync-bin=`pwd`/rsync.exe --use-tcp -j 8'
+    - name: ssl file list
+      run: bash -c 'PATH="/usr/local/bin:$PATH" rsync-ssl --no-motd download.samba.org::rsyncftp/ || true'
+    - name: save artifact
+      uses: actions/upload-artifact@v4
+      with:
+        retention-days: 45
+        name: cygwin-bin
+        path: |
+          rsync.exe
+          rsync-ssl
+          rsync.1
+          rsync-ssl.1
+          rsyncd.conf.5
+          rrsync.1
+          rrsync

.github/workflows/fleettest.yml

@@ -0,0 +1,64 @@
+name: Test fleettest harness
+
+# Bitrot check for testsuite/fleettest.py (the developer fleet CI harness).
+# fleettest is meant to be run by developers on a modern Ubuntu box, so this
+# job runs only on ubuntu-latest: it stands up a one-host "fleet" of two
+# targets that both ssh to localhost and runs a real fleettest pass against it.
+# It does not run on the BSD/Solaris/macOS/Cygwin matrix.
+
+on:
+  push:
+    branches: [ master ]
+    paths:
+      - 'testsuite/fleettest.py'
+      - '.github/workflows/fleettest.yml'
+  pull_request:
+    branches: [ master ]
+    paths:
+      - 'testsuite/fleettest.py'
+      - '.github/workflows/fleettest.yml'
+  workflow_dispatch:
+  schedule:
+    - cron: '17 7 * * 1'
+
+jobs:
+  fleettest:
+    runs-on: ubuntu-latest
+    name: fleettest against localhost
+    steps:
+    - uses: actions/checkout@v4
+      with:
+        fetch-depth: 0
+    - name: prep
+      run: |
+        sudo apt-get update
+        sudo apt-get install -y gcc g++ gawk autoconf automake \
+          acl libacl1-dev attr libattr1-dev liblz4-dev libzstd-dev libxxhash-dev \
+          python3-cmarkgfm openssl rsync openssh-server
+    - name: set up ssh to localhost
+      run: |
+        mkdir -p ~/.ssh && chmod 700 ~/.ssh
+        ssh-keygen -t ed25519 -N '' -f ~/.ssh/id_ed25519
+        cat ~/.ssh/id_ed25519.pub >> ~/.ssh/authorized_keys
+        chmod 600 ~/.ssh/authorized_keys
+        sudo systemctl start ssh || sudo service ssh start
+        # fleettest connects with `ssh -o BatchMode=yes localhost`, which won't
+        # answer a host-key prompt -- so pre-trust localhost in known_hosts.
+        ssh-keyscan -H localhost 127.0.0.1 >> ~/.ssh/known_hosts 2>/dev/null
+        ssh -o BatchMode=yes -o ConnectTimeout=15 localhost 'echo ssh-to-localhost-ok'
+    - name: write localhost fleet config
+      run: |
+        cat > fleettest-ci.json <<'EOF'
+        { "targets": [
+          { "name": "local-a", "ssh_host": "localhost", "workflow": "none.yml",
+            "configure_flags": [], "builddir": "rsync-citest-a", "privilege": "sudo" },
+          { "name": "local-b", "ssh_host": "localhost", "workflow": "none.yml",
+            "configure_flags": [], "builddir": "rsync-citest-b", "privilege": "sudo" }
+        ] }
+        EOF
+    - name: fleettest --list (config sanity)
+      run: python3 testsuite/fleettest.py --fleet fleettest-ci.json --list
+    - name: run fleettest against localhost
+      # Two targets both on localhost exercise the parallel multi-target path
+      # and the per-run dir / port isolation; exit 0 iff every cell is OK.
+      run: python3 testsuite/fleettest.py --fleet fleettest-ci.json --timing

.github/workflows/freebsd-build.yml

@@ -0,0 +1,52 @@
+name: Test rsync on FreeBSD
+
+on:
+  push:
+    branches: [ master ]
+    paths-ignore:
+      - '.github/workflows/*.yml'
+      - '!.github/workflows/freebsd-build.yml'
+  pull_request:
+    branches: [ master ]
+    paths-ignore:
+      - '.github/workflows/*.yml'
+      - '!.github/workflows/freebsd-build.yml'
+  schedule:
+    - cron: '42 8 * * *'
+
+jobs:
+  test:
+    runs-on: ubuntu-latest
+    name: Test rsync on FreeBSD
+    steps:
+    - uses: actions/checkout@v4
+      with:
+        fetch-depth: 0
+    - name: Test in FreeBSD VM
+      id: test
+      uses: vmactions/freebsd-vm@v1
+      with:
+        usesh: true
+        prepare: |
+          pkg install -y bash autotools m4 devel/xxhash zstd liblz4 python3 archivers/liblz4 git
+        run: |
+          freebsd-version
+          ./configure --with-rrsync -disable-zstd --disable-md2man --disable-xxhash --disable-lz4
+          make
+          ./rsync --version
+          make check
+          ./runtests.py --rsync-bin=`pwd`/rsync --use-tcp -j 8
+          ./rsync-ssl --no-motd download.samba.org::rsyncftp/ || true
+    - name: save artifact
+      uses: actions/upload-artifact@v4
+      with:
+        retention-days: 45
+        name: freebsd-bin
+        path: |
+          rsync
+          rsync-ssl
+          rsync.1
+          rsync-ssl.1
+          rsyncd.conf.5
+          rrsync.1
+          rrsync

.github/workflows/macos-build.yml

@@ -0,0 +1,66 @@
+name: Test rsync on macOS
+
+on:
+  push:
+    branches: [ master ]
+    paths-ignore:
+      - '.github/workflows/*.yml'
+      - '!.github/workflows/macos-build.yml'
+  pull_request:
+    branches: [ master ]
+    paths-ignore:
+      - '.github/workflows/*.yml'
+      - '!.github/workflows/macos-build.yml'
+  schedule:
+    - cron: '42 8 * * *'
+
+jobs:
+  test:
+    runs-on: macos-latest
+    name: Test rsync on macOS
+    steps:
+    - uses: actions/checkout@v4
+      with:
+        fetch-depth: 0
+    - name: prep
+      run: |
+        brew install automake openssl xxhash zstd lz4
+        pip3 install --user --break-system-packages commonmark
+        echo "$(brew --prefix)/bin" >>"$GITHUB_PATH"
+    - name: configure
+      run: |
+        BREW_PREFIX=$(brew --prefix)
+        OPENSSL_PREFIX=$(brew --prefix openssl)
+        CPPFLAGS="-I${BREW_PREFIX}/include -I${OPENSSL_PREFIX}/include" \
+        LDFLAGS="-L${BREW_PREFIX}/lib -L${OPENSSL_PREFIX}/lib" \
+        ./configure --with-rrsync
+    - name: make
+      run: make
+    - name: install
+      run: sudo make install
+    - name: info
+      run: rsync --version
+    - name: check
+      # chown-fake / devices-fake / xattrs / xattrs-hlink now RUN on macOS
+      # (rsyncfns.py drives xattrs via the `xattr` command), verified on a
+      # real macOS host, so they're no longer in the skip set.
+      run: sudo RSYNC_EXPECT_SKIPPED=acls-default,acls-depth,chmod-temp-dir,daemon-access-ip,daemon-chroot-acl,dir-sgid,open-noatime,preallocate,protected-regular,proxy-response-line-too-long,recv-discard-nullderef,simd-checksum,sparse make check
+    - name: check (TCP daemon transport)
+      # Second run with daemon tests over a real loopback rsyncd; the default
+      # 'make check' above uses the secure stdio-pipe transport.
+      run: sudo ./runtests.py --rsync-bin="$PWD/rsync" --use-tcp -j 8
+    - name: ssl file list
+      run: rsync-ssl --no-motd download.samba.org::rsyncftp/ || true
+    - name: save artifact
+      uses: actions/upload-artifact@v4
+      with:
+        retention-days: 45
+        name: macos-bin
+        path: |
+          rsync
+          rsync-ssl
+          rsync.1
+          rsync-ssl.1
+          rsyncd.conf.5
+          rrsync.1
+          rrsync

.github/workflows/netbsd-build.yml

@@ -0,0 +1,53 @@
+name: Test rsync on NetBSD
+
+on:
+  push:
+    branches: [ master ]
+    paths-ignore:
+      - '.github/workflows/*.yml'
+      - '!.github/workflows/netbsd-build.yml'
+  pull_request:
+    branches: [ master ]
+    paths-ignore:
+      - '.github/workflows/*.yml'
+      - '!.github/workflows/netbsd-build.yml'
+  schedule:
+    - cron: '42 8 * * *'
+
+jobs:
+  test:
+    runs-on: ubuntu-latest
+    name: Test rsync on NetBSD
+    steps:
+    - uses: actions/checkout@v4
+      with:
+        fetch-depth: 0
+    - name: Test in NetBSD VM
+      id: test
+      uses: vmactions/netbsd-vm@v1
+      with:
+        usesh: true
+        prepare: |
+          PATH=/usr/sbin:$PATH pkg_add autoconf automake python312
+          ln -sf /usr/pkg/bin/python3.12 /usr/pkg/bin/python3
+        run: |
+          uname -a
+          ./configure --with-rrsync --disable-zstd --disable-md2man --disable-xxhash --disable-lz4
+          make
+          ./rsync --version
+          make check
+          ./runtests.py --rsync-bin=`pwd`/rsync --use-tcp -j 8
+          ./rsync-ssl --no-motd download.samba.org::rsyncftp/ || true
+    - name: save artifact
+      uses: actions/upload-artifact@v4
+      with:
+        retention-days: 45
+        name: netbsd-bin
+        path: |
+          rsync
+          rsync-ssl
+          rsync.1
+          rsync-ssl.1
+          rsyncd.conf.5
+          rrsync.1
+          rrsync

.github/workflows/openbsd-build.yml

@@ -0,0 +1,62 @@
+name: Test rsync on OpenBSD
+
+on:
+  push:
+    branches: [ master ]
+    paths-ignore:
+      - '.github/workflows/*.yml'
+      - '!.github/workflows/openbsd-build.yml'
+  pull_request:
+    branches: [ master ]
+    paths-ignore:
+      - '.github/workflows/*.yml'
+      - '!.github/workflows/openbsd-build.yml'
+  schedule:
+    - cron: '42 8 * * *'
+
+jobs:
+  test:
+    runs-on: ubuntu-latest
+    name: Test rsync on OpenBSD
+    steps:
+    - uses: actions/checkout@v4
+      with:
+        fetch-depth: 0
+    - name: Test in OpenBSD VM
+      id: test
+      uses: vmactions/openbsd-vm@v1
+      with:
+        usesh: true
+        prepare: |
+          pkg_add -I bash autoconf%2.71 automake%1.16
+        run: |
+          uname -a
+          export AUTOCONF_VERSION=2.71
+          export AUTOMAKE_VERSION=1.16
+          ./configure --with-rrsync --disable-zstd --disable-md2man --disable-xxhash --disable-lz4
+          make
+          ./rsync --version
+          make check
+          # The --use-tcp daemon tests run at -j2 here (vs -j8 elsewhere): this
+          # job runs inside a nested VM, and at -j8 the many concurrent loopback
+          # daemons occasionally lose a connection-handshake timing race under
+          # that resource pressure, hanging one test to the 300s timeout. It is
+          # an environment artifact, not an rsync bug (the handshake is
+          # deadlock-free and unreproducible elsewhere, even pinned to 1 CPU at
+          # -j8); -j2 keeps the VM from over-subscribing. The pipe `make check`
+          # above stays at the default parallelism.
+          ./runtests.py --rsync-bin=`pwd`/rsync --use-tcp -j 2
+          ./rsync-ssl --no-motd download.samba.org::rsyncftp/ || true
+    - name: save artifact
+      uses: actions/upload-artifact@v4
+      with:
+        retention-days: 45
+        name: openbsd-bin
+        path: |
+          rsync
+          rsync-ssl
+          rsync.1
+          rsync-ssl.1
+          rsyncd.conf.5
+          rrsync.1
+          rrsync

.github/workflows/solaris-build.yml

@@ -0,0 +1,52 @@
+name: Test rsync on Solaris
+
+on:
+  push:
+    branches: [ master ]
+    paths-ignore:
+      - '.github/workflows/*.yml'
+      - '!.github/workflows/solaris-build.yml'
+  pull_request:
+    branches: [ master ]
+    paths-ignore:
+      - '.github/workflows/*.yml'
+      - '!.github/workflows/solaris-build.yml'
+  schedule:
+    - cron: '42 8 * * *'
+
+jobs:
+  test:
+    runs-on: ubuntu-latest
+    name: Test rsync on Solaris
+    steps:
+    - uses: actions/checkout@v4
+      with:
+        fetch-depth: 0
+    - name: Test in Solaris VM
+      id: test
+      uses: vmactions/solaris-vm@v1
+      with:
+        usesh: true
+        prepare: |
+          pkg install bash automake gnu-m4 pkg://solaris/runtime/python-35 autoconf gcc git
+        run: |
+          uname -a
+          ./configure --with-rrsync -disable-zstd --disable-md2man --disable-xxhash --disable-lz4
+          make
+          ./rsync --version
+          make check
+          ./runtests.py --rsync-bin=`pwd`/rsync --use-tcp -j 8
+          ./rsync-ssl --no-motd download.samba.org::rsyncftp/ || true
+    - name: save artifact
+      uses: actions/upload-artifact@v4
+      with:
+        retention-days: 45
+        name: solaris-bin
+        path: |
+          rsync
+          rsync-ssl
+          rsync.1
+          rsync-ssl.1
+          rsyncd.conf.5
+          rrsync.1
+          rrsync

.github/workflows/ubuntu-22.04-build.yml

@@ -0,0 +1,65 @@
+name: Test rsync on Ubuntu 22.04
+
+# Older-LTS coverage to help with backporting security fixes. ubuntu-22.04
+# is currently the oldest GitHub Actions runner image (20.04 was retired
+# in April 2025).
+
+on:
+  push:
+    branches: [ master ]
+    paths-ignore:
+      - '.github/workflows/*.yml'
+      - '!.github/workflows/ubuntu-22.04-build.yml'
+  pull_request:
+    branches: [ master ]
+    paths-ignore:
+      - '.github/workflows/*.yml'
+      - '!.github/workflows/ubuntu-22.04-build.yml'
+  schedule:
+    - cron: '42 8 * * *'
+
+jobs:
+  test:
+    runs-on: ubuntu-22.04
+    name: Test rsync on Ubuntu 22.04
+    steps:
+    - uses: actions/checkout@v4
+      with:
+        fetch-depth: 0
+    - name: prep
+      run: |
+        sudo apt-get install acl libacl1-dev attr libattr1-dev liblz4-dev libzstd-dev libxxhash-dev python3-cmarkgfm openssl
+        echo "/usr/local/bin" >>"$GITHUB_PATH"
+    - name: configure
+      run: ./configure --with-rrsync
+    - name: make
+      run: make
+    - name: install
+      run: sudo make install
+    - name: info
+      run: rsync --version
+    - name: check
+      run: sudo RSYNC_EXPECT_SKIPPED=crtimes,daemon-access-ip,daemon-chroot-acl,proxy-response-line-too-long,recv-discard-nullderef make check
+    - name: check30
+      run: sudo RSYNC_EXPECT_SKIPPED=crtimes,daemon-access-ip,daemon-chroot-acl,proxy-response-line-too-long,recv-discard-nullderef make check30
+    - name: check29
+      run: sudo RSYNC_EXPECT_SKIPPED=crtimes,daemon-access-ip,daemon-chroot-acl,proxy-response-line-too-long,recv-discard-nullderef make check29
+    - name: check (TCP daemon transport)
+      # Second run with daemon tests over a real loopback rsyncd; the default
+      # 'make check' above uses the secure stdio-pipe transport.
+      run: sudo ./runtests.py --rsync-bin="$PWD/rsync" --use-tcp -j 8
+    - name: ssl file list
+      run: rsync-ssl --no-motd download.samba.org::rsyncftp/ || true
+    - name: save artifact
+      uses: actions/upload-artifact@v4
+      with:
+        retention-days: 45
+        name: ubuntu-22.04-bin
+        path: |
+          rsync
+          rsync-ssl
+          rsync.1
+          rsync-ssl.1
+          rsyncd.conf.5
+          rrsync.1
+          rrsync

.github/workflows/ubuntu-build.yml

@@ -0,0 +1,91 @@
+name: Test rsync on Ubuntu
+
+on:
+  push:
+    branches: [ master ]
+    paths-ignore:
+      - '.github/workflows/*.yml'
+      - '!.github/workflows/ubuntu-build.yml'
+  pull_request:
+    branches: [ master ]
+    paths-ignore:
+      - '.github/workflows/*.yml'
+      - '!.github/workflows/ubuntu-build.yml'
+  schedule:
+    - cron: '42 8 * * *'
+
+jobs:
+  test:
+    runs-on: ubuntu-latest
+    name: Test rsync on Ubuntu
+    steps:
+    - uses: actions/checkout@v4
+      with:
+        fetch-depth: 0
+    - name: prep
+      run: |
+        sudo apt-get install acl libacl1-dev attr libattr1-dev liblz4-dev libzstd-dev libxxhash-dev python3-cmarkgfm openssl
+        echo "/usr/local/bin" >>"$GITHUB_PATH"
+    - name: configure
+      run: ./configure --with-rrsync
+    - name: make
+      run: make
+    - name: install/uninstall DESTDIR smoke test
+      run: |
+        set -e
+        tmp="$(mktemp -d)"
+        trap 'rm -rf "$tmp"' EXIT
+
+        make install-all DESTDIR="$tmp"
+
+        for path in \
+          /usr/local/bin/rsync \
+          /usr/local/bin/rsync-ssl \
+          /usr/local/bin/rrsync \
+          /usr/local/share/man/man1/rsync.1 \
+          /usr/local/share/man/man1/rsync-ssl.1 \
+          /usr/local/share/man/man1/rrsync.1 \
+          /usr/local/share/man/man5/rsyncd.conf.5 \
+          /etc/stunnel/rsyncd.conf
+        do
+          test -e "$tmp$path"
+        done
+
+        make uninstall-all DESTDIR="$tmp"
+
+        leftover="$(find "$tmp" -type f -print)"
+        if [ -n "$leftover" ]; then
+          printf '%s\n' "$leftover"
+          exit 1
+        fi
+    - name: install
+      run: sudo make install
+    - name: info
+      run: rsync --version
+    - name: check
+      run: sudo RSYNC_EXPECT_SKIPPED=crtimes,daemon-access-ip,daemon-chroot-acl,proxy-response-line-too-long,recv-discard-nullderef make check
+    - name: check30
+      run: sudo RSYNC_EXPECT_SKIPPED=crtimes,daemon-access-ip,daemon-chroot-acl,proxy-response-line-too-long,recv-discard-nullderef make check30
+    - name: check29
+      run: sudo RSYNC_EXPECT_SKIPPED=crtimes,daemon-access-ip,daemon-chroot-acl,proxy-response-line-too-long,recv-discard-nullderef make check29
+    - name: check (TCP daemon transport)
+      # Second run with daemon tests over a real loopback rsyncd. The default
+      # 'make check' above uses the secure stdio-pipe transport (no listening
+      # sockets); this run exercises the real TCP accept/auth path. Skip-set
+      # is env-dependent here (chroot-acl), so leave RSYNC_EXPECT_SKIPPED unset.
+      run: sudo ./runtests.py --rsync-bin="$PWD/rsync" --use-tcp -j 8
+    - name: ssl file list
+      run: rsync-ssl --no-motd download.samba.org::rsyncftp/ || true
+    - name: save artifact
+      uses: actions/upload-artifact@v4
+      with:
+        retention-days: 45
+        name: ubuntu-bin
+        path: |
+          rsync
+          rsync-ssl
+          rsync.1
+          rsync-ssl.1
+          rsyncd.conf.5
+          rrsync.1
+          rrsync

.github/workflows/ubuntu-version-mix.yml

@@ -0,0 +1,77 @@
+name: Test rsync version mixing on Ubuntu
+
+# Runs the CURRENT test suite with two different rsync binaries: the freshly
+# built ./rsync as the client/driver, and a committed OLD static binary
+# (old_versions/rsync_<ver>) as the daemon / remote-shell peer. This exercises
+# real version mixing over the wire -- more convincing than --protocol forcing,
+# which only makes the current binary speak an old protocol.
+#
+# Direction is fixed: the current binary always drives (only it understands the
+# new test scripts); the old binary is only ever the server/daemon side. The
+# reverse (old client driving new scripts) is not possible -- but one test,
+# reverse-daemon-delta, swaps the roles internally (current build as the daemon,
+# old binary as the client) to cover the backward-compat direction: a current
+# daemon serving the installed base of old clients.
+#
+# The per-version manifest testsuite/expect/rsync_<ver>.expect lists exactly
+# which tests run and each one's expected outcome (pass/skip/fail/xfail), so an
+# old peer's known feature gaps are recorded rather than treated as breakage.
+#
+# All peers run in a SINGLE job (looped, not a matrix) so the PR shows one check
+# line rather than one per version. Each peer/transport is a foldable ::group::
+# in the log, and a failure annotates which peer/transport broke.
+
+on:
+  push:
+    branches: [ master ]
+    paths-ignore:
+      - '.github/workflows/*.yml'
+      - '!.github/workflows/ubuntu-version-mix.yml'
+  pull_request:
+    branches: [ master ]
+    paths-ignore:
+      - '.github/workflows/*.yml'
+      - '!.github/workflows/ubuntu-version-mix.yml'
+  schedule:
+    - cron: '52 8 * * *'
+
+jobs:
+  version-mix:
+    runs-on: ubuntu-latest
+    name: rsync version-mix
+    steps:
+    - uses: actions/checkout@v4
+      with:
+        fetch-depth: 0
+    - name: prep
+      run: |
+        sudo apt-get install acl libacl1-dev attr libattr1-dev liblz4-dev libzstd-dev libxxhash-dev python3-cmarkgfm openssl
+        echo "/usr/local/bin" >>"$GITHUB_PATH"
+    - name: configure
+      run: ./configure --with-rrsync
+    - name: make
+      # check-progs builds rsync AND the test helper programs (tls, trimslash,
+      # t_unsafe, ...) that runtests.py requires; plain `make` does not.
+      run: make check-progs
+    - name: info
+      run: ./rsync --version | head -1
+    - name: version mixing (all peers, pipe + TCP transports)
+      run: |
+        rc=0
+        for peer in old_versions/rsync_*; do
+          chmod +x "$peer"
+          name=$(basename "$peer")
+          expect="testsuite/expect/$name.expect"
+          for transport in pipe tcp; do
+            tcp=()
+            [ "$transport" = tcp ] && tcp=(--use-tcp)
+            echo "::group::$name ($transport): $("$peer" --version | head -1)"
+            if ! ./runtests.py --rsync-bin="$PWD/rsync" --rsync-bin2="$PWD/$peer" \
+                  --expect-result "$expect" "${tcp[@]}" -j 8; then
+              echo "::error::version-mix failed: $name ($transport)"
+              rc=1
+            fi
+            echo "::endgroup::"
+          done
+        done
+        exit $rc

.gitignore

@@ -15,22 +15,27 @@ config.status
 aclocal.m4
 /proto.h
 /proto.h-tstamp
-/rsync*.1
-/rsync*.5
+/rsync*.[15]
+/rrsync
+/rrsync*.1
 /rsync*.html
+/rrsync*.html
 /help-rsync*.h
 /default-cvsignore.h
 /default-dont-compress.h
+/daemon-parm.h
 /.md2man-works
 /autom4te*.cache
 /confdefs.h
 /conftest*
 /dox
 /getgroups
+/gists
 /gmon.out
 /rsync
 /stunnel-rsyncd.conf
 /shconfig
+/git-version.h
 /testdir
 /tests-dont-exist
 /testtmp
@@ -47,8 +52,11 @@ aclocal.m4
 /testsuite/chown-fake.test
 /testsuite/devices-fake.test
 /testsuite/xattrs-hlink.test
+/testsuite/fleettest.json
 /patches
 /patches.gen
 /build
 /auto-build-save
 .deps
+/*.exe
+*.dSYM/

COPYING

@@ -1,7 +1,16 @@
+REGARDING OPENSSL AND XXHASH
+
+In addition, as a special exception, the copyright holders give
+permission to dynamically link rsync with the OpenSSL and xxhash
+libraries when those libraries are being distributed in compliance
+with their license terms, and to distribute a dynamically linked
+combination of rsync and these libraries.  This is also considered
+to be covered under the GPL's System Libraries exception.
+
                     GNU GENERAL PUBLIC LICENSE
                        Version 3, 29 June 2007
 
- Copyright (C) 2007 Free Software Foundation, Inc. <http://fsf.org/>
+ Copyright (C) 2007 Free Software Foundation, Inc. <https://fsf.org/>
  Everyone is permitted to copy and distribute verbatim copies
  of this license document, but changing it is not allowed.
 
@@ -645,7 +654,7 @@ the "copyright" line and a pointer to where the full notice is found.
     GNU General Public License for more details.
 
     You should have received a copy of the GNU General Public License
-    along with this program.  If not, see <http://www.gnu.org/licenses/>.
+    along with this program.  If not, see <https://www.gnu.org/licenses/>.
 
 Also add information on how to contact you by electronic and paper mail.
 
@@ -664,20 +673,11 @@ might be different; for a GUI interface, you would use an "about box".
   You should also get your employer (if you work as a programmer) or school,
 if any, to sign a "copyright disclaimer" for the program, if necessary.
 For more information on this, and how to apply and follow the GNU GPL, see
-<http://www.gnu.org/licenses/>.
+<https://www.gnu.org/licenses/>.
 
   The GNU General Public License does not permit incorporating your program
 into proprietary programs.  If your program is a subroutine library, you
 may consider it more useful to permit linking proprietary applications with
 the library.  If this is what you want to do, use the GNU Lesser General
 Public License instead of this License.  But first, please read
-<http://www.gnu.org/philosophy/why-not-lgpl.html>.
-
-REGARDING OPENSSL AND XXHASH
-
-In addition, as a special exception, the copyright holders give
-permission to dynamically link rsync with the OpenSSL and xxhash
-libraries when those libraries are being distributed in compliance
-with their license terms, and to distribute a dynamically linked
-combination of rsync and these libraries.  This is also considered
-to be covered under the GPL's System Libraries exception.
+<https://www.gnu.org/licenses/why-not-lgpl.html>.

INSTALL.md

@@ -1,13 +1,202 @@
-To build and install rsync:
+# How to build and install rsync
 
-    $ ./configure
-    $ make
-    # make install
+When building rsync, you'll want to install various libraries in order to get
+all the features enabled.  The configure script will alert you when the
+newest libraries are missing and tell you the appropriate `--disable-LIB`
+option to use if you want to just skip that feature.  What follows are various
+support libraries that you may want to install to build rsync with the maximum
+features (the impatient can skip down to the package summary):
 
-You may set the installation directory and other parameters by options
-to ./configure.  To see them, use:
+## Ubuntu users: skip the build, use the PPA
 
-    $ ./configure --help
+If you are on a currently supported Ubuntu series (jammy 22.04 LTS, noble
+24.04 LTS, questing 25.10, resolute 26.04 LTS) and just want the latest
+upstream rsync, the rsync project maintains a Launchpad PPA that tracks
+stable releases:
+
+>     sudo add-apt-repository ppa:rsyncproject/rsync
+>     sudo apt update && sudo apt install rsync
+
+See [the PPA page][ppa] for current build status across architectures.
+
+[ppa]: https://launchpad.net/~rsyncproject/+archive/ubuntu/rsync
+
+To test the upcoming release instead, there is also a [`rsync-latest`
+PPA][ppa-latest] that is rebuilt from the tip of the git master branch.  These
+are development snapshots whose version numbers (such as
+`3.5.0~git20260601...`) deliberately sort below the matching stable release, so
+the stable PPA above will never silently move you from a release onto a
+snapshot.  Use it for testing only -- it may contain unreleased changes:
+
+>     sudo add-apt-repository ppa:rsyncproject/rsync-latest
+>     sudo apt update && sudo apt install rsync
+
+[ppa-latest]: https://launchpad.net/~rsyncproject/+archive/ubuntu/rsync-latest
+
+The rest of this document covers building from source.
+
+## The basic setup
+
+You need to have a C compiler installed and optionally a C++ compiler in order
+to try to build some hardware-accelerated checksum routines.  Rsync also needs
+a modern awk, which might be provided via gawk or nawk on some OSes.
+
+## Autoconf & manpages
+
+If you're installing from the git repo (instead of a release tar file) you'll
+also need the GNU autotools (autoconf & automake) and your choice of 2 python3
+markdown libraries: cmarkgfm or commonmark (needed to generate the manpages).
+If your OS doesn't provide a python3-cmarkgfm or python3-commonmark package,
+you can run the following to install the commonmark python library for your
+build user (after installing python3's pip package):
+
+>     python3 -mpip install --user commonmark
+
+You can test if you've got it fixed by running (from the rsync checkout):
+
+>     ./md-convert --test rsync-ssl.1.md
+
+Alternately, you can avoid generating the manpages by fetching the very latest
+versions (that match the latest git source) from the [generated-files][6] dir.
+One way to do that is to run:
+
+>     ./prepare-source fetchgen
+
+[6]: https://download.samba.org/pub/rsync/generated-files/
+
+## ACL support
+
+To support copying ACL file information, make sure you have an acl
+development library installed. It also helps to have the helper programs
+installed to manipulate ACLs and to run the rsync testsuite.
+
+## Xattr support
+
+To support copying xattr file information, make sure you have an attr
+development library installed. It also helps to have the helper programs
+installed to manipulate xattrs and to run the rsync testsuite.
+
+## xxhash
+
+The [xxHash library][1] provides extremely fast checksum functions that can
+make the "rsync algorithm" run much more quickly, especially when matching
+blocks in large files.  Installing this development library adds xxhash
+checksums as the default checksum algorithm.  You'll need at least v0.8.0
+if you want rsync to include the full range of its checksum algorithms.
+
+[1]: https://cyan4973.github.io/xxHash/
+
+## zstd
+
+The [zstd library][2] compression algorithm that uses less CPU than
+the default zlib algorithm at the same compression level.  Note that you
+need at least version 1.4, so you might need to skip the zstd compression if
+you can only install a 1.3 release.  Installing this development library
+adds zstd compression as the default compression algorithm.
+
+[2]: http://facebook.github.io/zstd/
+
+## lz4
+
+The [lz4 library][3] compression algorithm that uses very little CPU, though
+it also has the smallest compression ratio of other algorithms.  Installing
+this development library adds lz4 compression as an available compression
+algorithm.
+
+[3]: https://lz4.github.io/lz4/
+
+## openssl crypto
+
+The [openssl crypto library][4] provides some hardware accelerated checksum
+algorithms for MD4 and MD5.  Installing this development library makes rsync
+use the (potentially) faster checksum routines when computing MD4 & MD5
+checksums.
+
+[4]: https://www.openssl.org/docs/man1.0.2/man3/crypto.html
+
+## Package summary
+
+To help you get the libraries installed, here are some package install commands
+for various OSes.  The commands are split up to correspond with the above
+items, but feel free to combine the package names into a single install, if you
+like.
+
+ -  For Debian and Ubuntu (Debian Buster users may want to briefly(?) enable
+    buster-backports to update zstd from 1.3 to 1.4):
+
+    >     sudo apt install -y gcc g++ gawk autoconf automake python3-cmarkgfm
+    >     sudo apt install -y acl libacl1-dev
+    >     sudo apt install -y attr libattr1-dev
+    >     sudo apt install -y libxxhash-dev
+    >     sudo apt install -y libzstd-dev
+    >     sudo apt install -y liblz4-dev
+    >     sudo apt install -y libssl-dev
+
+Or run support/install_deps_ubuntu.sh
+
+ -  For CentOS (use EPEL for python3-pip):
+
+    >     sudo yum -y install epel-release
+    >     sudo yum -y install gcc g++ gawk autoconf automake python3-pip
+    >     sudo yum -y install acl libacl-devel
+    >     sudo yum -y install attr libattr-devel
+    >     sudo yum -y install xxhash-devel
+    >     sudo yum -y install libzstd-devel
+    >     sudo yum -y install lz4-devel
+    >     sudo yum -y install openssl-devel
+    >     python3 -mpip install --user commonmark
+
+ -  For Fedora 33:
+
+    >     sudo dnf -y install acl libacl-devel
+    >     sudo dnf -y install attr libattr-devel
+    >     sudo dnf -y install xxhash-devel
+    >     sudo dnf -y install libzstd-devel
+    >     sudo dnf -y install lz4-devel
+    >     sudo dnf -y install openssl-devel
+
+ -  For FreeBSD (this assumes that the python3 version is 3.7):
+
+    >     sudo pkg install -y autotools python3 py37-CommonMark
+    >     sudo pkg install -y xxhash
+    >     sudo pkg install -y zstd
+    >     sudo pkg install -y liblz4
+
+ -  For macOS:
+
+    >     brew install automake
+    >     brew install xxhash
+    >     brew install zstd
+    >     brew install lz4
+    >     brew install openssl
+
+ -  For Cygwin (with all cygwin programs stopped, run the appropriate setup program from a cmd shell):
+
+    >     setup-x86_64 --quiet-mode -P make,gawk,autoconf,automake,gcc-core,python38,python38-pip
+    >     setup-x86_64 --quiet-mode -P attr,libattr-devel
+    >     setup-x86_64 --quiet-mode -P libzstd-devel
+    >     setup-x86_64 --quiet-mode -P liblz4-devel
+    >     setup-x86_64 --quiet-mode -P libssl-devel
+
+    Sometimes cygwin has commonmark packaged and sometimes it doesn't. Now that
+    its python38 has stabilized, you could install python38-commonmark. Or just
+    avoid the issue by running this from a bash shell as your build user:
+
+    >     python3 -mpip install --user commonmark
+
+## Build and install
+
+After installing the various libraries, you need to configure, build, and
+install the source:
+
+>      ./configure
+>      make
+>      sudo make install
+
+The default install path is /usr/local/bin, but you can set the installation
+directory and other parameters using options to ./configure.  To see them, use:
+
+>     ./configure --help
 
 Configure tries to figure out if the local system uses group "nobody" or
 "nogroup" by looking in the /etc/group file.  (This is only used for the
@@ -19,56 +208,68 @@ config.h, or just override them in your /etc/rsyncd.conf file.
 As of 2.4.7, rsync uses Eric Troan's popt option-parsing library.  A
 cut-down copy of a recent release is included in the rsync distribution,
 and will be used if there is no popt library on your build host, or if
-the --with-included-popt option is passed to ./configure.
+the `--with-included-popt` option is passed to ./configure.
 
-If you configure using --enable-maintainer-mode, then rsync will try
+If you configure using `--enable-maintainer-mode`, then rsync will try
 to pop up an xterm on DISPLAY=:0 if it crashes.  You might find this
 useful, but it should be turned off for production builds.
 
-MAKE COMPATIBILITY
-------------------
+If you want to automatically use a separate "build" directory based on
+the current git branch name, start with a pristine git checkout and run
+"mkdir auto-build-save" before you run the first ./configure command.
+That will cause a fresh build dir to spring into existence along with a
+special Makefile symlink that allows you to run "make" and "./configure"
+from the source dir (the "build" dir gets auto switched based on branch).
+This is helpful when using the branch-from-patch and patch-update scripts
+to maintain the official rsync patches.  If you ever need to build from
+a "detached head" git position then you'll need to manually chdir into
+the build dir to run make.  I also like to create 2 more symlinks in the
+source dir:  `ln -s build/rsync . ; ln -s build/testtmp .`
+
+## Make compatibility
 
 Note that Makefile.in has a rule that uses a wildcard in a prerequisite.  If
 your make has a problem with this rule, you will see an error like this:
 
     Don't know how to make ./*.c
 
-You can change the "proto.h-tstamp" target in Makefile.in to list all the *.c
+You can change the "proto.h-tstamp" target in Makefile.in to list all the \*.c
 filenames explicitly in order to avoid this issue.
 
-RPM NOTES
----------
+## RPM notes
 
 Under packaging you will find .spec files for several distributions.
 The .spec file in packaging/lsb can be used for Linux systems that
 adhere to the Linux Standards Base (e.g., RedHat and others).
 
-HP-UX NOTES
------------
+## HP-UX notes
 
 The HP-UX 10.10 "bundled" C compiler seems not to be able to cope with
 ANSI C.  You may see this error message in config.log if ./configure
 fails:
 
-  (Bundled) cc: "configure", line 2162: error 1705: Function prototypes are an ANSI feature.
+    (Bundled) cc: "configure", line 2162: error 1705: Function prototypes are an ANSI feature.
 
 Install gcc or HP's "ANSI/C Compiler".
 
-MAC OSX NOTES
--------------
+## Mac OS X notes
 
 Some versions of Mac OS X (Darwin) seem to have an IPv6 stack, but do
-not completely implement the "New Sockets" API.  
+not completely implement the "New Sockets" API.
 
-<http://www.ipv6.org/impl/mac.html> says that Apple started to support
-IPv6 in 10.2 (Jaguar).  If your build fails, try again after running
-configure with --disable-ipv6.
+[This site][5] says that Apple started to support IPv6 in 10.2 (Jaguar).  If
+your build fails, try again after running configure with `--disable-ipv6`.
 
-IBM AIX NOTES
--------------
+Apple Silicon macs may install packages in a slightly different location and require flags.
+CFLAGS="-I /opt/homebrew/include" LDFLAGS="-L /opt/homebrew/lib"
+
+[5]: http://www.ipv6.org/impl/mac.html
+
+## IBM AIX notes
 
 IBM AIX has a largefile problem with mkstemp.  See IBM PR-51921.
-The workaround is to append the below to config.h
-	#ifdef _LARGE_FILES
-	#undef HAVE_SECURE_MKSTEMP
-	#endif
+The workaround is to append the following to config.h:
+
+>     #ifdef _LARGE_FILES
+>     #undef HAVE_SECURE_MKSTEMP
+>     #endif

Makefile.in

@@ -1,4 +1,4 @@
-# The input file that configure uses to create the Makefile for rsync.
+# The Makefile for rsync (configure creates it from Makefile.in).
 
 prefix=@prefix@
 datarootdir=@datarootdir@
@@ -6,6 +6,7 @@ exec_prefix=@exec_prefix@
 bindir=@bindir@
 libdir=@libdir@/rsync
 mandir=@mandir@
+with_rrsync=@with_rrsync@
 
 LIBS=@LIBS@
 CC=@CC@
@@ -29,37 +30,41 @@ SHELL=/bin/sh
 .SUFFIXES:
 .SUFFIXES: .c .o
 
-SIMD_x86_64=simd-checksum-x86_64.o
-ASM_x86_64=lib/md5-asm-x86_64.o
+ROLL_SIMD_x86_64=simd-checksum-x86_64.o
+ROLL_ASM_x86_64=simd-checksum-avx2.o
+MD5_ASM_x86_64=lib/md5-asm-x86_64.o
 
-GENFILES=configure.sh aclocal.m4 config.h.in proto.h proto.h-tstamp rsync.1 rsync.1.html \
-	 rsync-ssl.1 rsync-ssl.1.html rsyncd.conf.5 rsyncd.conf.5.html
+GENFILES=configure.sh aclocal.m4 config.h.in rsync.1 rsync.1.html \
+	 rsync-ssl.1 rsync-ssl.1.html rsyncd.conf.5 rsyncd.conf.5.html \
+	 @GEN_RRSYNC@
 HEADERS=byteorder.h config.h errcode.h proto.h rsync.h ifuncs.h itypes.h inums.h \
-	lib/pool_alloc.h lib/mdigest.h lib/md-defines.h version.h
+	lib/pool_alloc.h lib/mdigest.h lib/md-defines.h
 LIBOBJ=lib/wildmatch.o lib/compat.o lib/snprintf.o lib/mdfour.o lib/md5.o \
 	lib/permstring.o lib/pool_alloc.o lib/sysacls.o lib/sysxattrs.o @LIBOBJS@
 zlib_OBJS=zlib/deflate.o zlib/inffast.o zlib/inflate.o zlib/inftrees.o \
 	zlib/trees.o zlib/zutil.o zlib/adler32.o zlib/compress.o zlib/crc32.o
 OBJS1=flist.o rsync.o generator.o receiver.o cleanup.o sender.o exclude.o \
-	util.o util2.o main.o checksum.o match.o syscall.o log.o backup.o delete.o
+	util1.o util2.o main.o checksum.o match.o syscall.o android.o log.o backup.o delete.o
 OBJS2=options.o io.o compat.o hlink.o token.o uidlist.o socket.o hashtable.o \
-	fileio.o batch.o clientname.o chmod.o acls.o xattrs.o
-OBJS3=progress.o pipe.o @ASM@
+	usage.o fileio.o batch.o clientname.o chmod.o acls.o xattrs.o
+OBJS3=progress.o pipe.o @MD5_ASM@ @ROLL_SIMD@ @ROLL_ASM@
 DAEMON_OBJ = params.o loadparm.o clientserver.o access.o connection.o authenticate.o
-popt_OBJS=popt/findme.o  popt/popt.o  popt/poptconfig.o \
-	popt/popthelp.o popt/poptparse.o
-OBJS=$(OBJS1) $(OBJS2) $(OBJS3) @SIMD@ $(DAEMON_OBJ) $(LIBOBJ) @BUILD_ZLIB@ @BUILD_POPT@
+popt_OBJS= popt/popt.o  popt/poptconfig.o \
+	popt/popthelp.o popt/poptparse.o popt/poptint.o
+OBJS=$(OBJS1) $(OBJS2) $(OBJS3) $(DAEMON_OBJ) $(LIBOBJ) @BUILD_ZLIB@ @BUILD_POPT@
 
-TLS_OBJ = tls.o syscall.o t_stub.o lib/compat.o lib/snprintf.o lib/permstring.o lib/sysxattrs.o @BUILD_POPT@
+TLS_OBJ = tls.o syscall.o android.o util2.o t_stub.o lib/compat.o lib/snprintf.o lib/permstring.o lib/sysxattrs.o @BUILD_POPT@
 
 # Programs we must have to run the test cases
 CHECK_PROGS = rsync$(EXEEXT) tls$(EXEEXT) getgroups$(EXEEXT) getfsdev$(EXEEXT) \
-	testrun$(EXEEXT) trimslash$(EXEEXT) t_unsafe$(EXEEXT) wildtest$(EXEEXT)
+	testrun$(EXEEXT) trimslash$(EXEEXT) t_unsafe$(EXEEXT) t_chmod_secure$(EXEEXT) \
+	t_secure_relpath$(EXEEXT) wildtest$(EXEEXT) simdtest$(EXEEXT)
 
-CHECK_SYMLINKS = testsuite/chown-fake.test testsuite/devices-fake.test testsuite/xattrs-hlink.test
+CHECK_SYMLINKS = testsuite/chown-fake_test.py testsuite/devices-fake_test.py \
+	testsuite/xattrs-hlink_test.py testsuite/exclude-lsh_test.py
 
 # Objects for CHECK_PROGS to clean
-CHECK_OBJS=tls.o testrun.o getgroups.o getfsdev.o t_stub.o t_unsafe.o trimslash.o wildtest.o
+CHECK_OBJS=tls.o testrun.o getgroups.o getfsdev.o t_stub.o t_unsafe.o t_chmod_secure.o t_secure_relpath.o trimslash.o wildtest.o
 
 # note that the -I. is needed to handle config.h when using VPATH
 .c.o:
@@ -67,41 +72,71 @@ CHECK_OBJS=tls.o testrun.o getgroups.o getfsdev.o t_stub.o t_unsafe.o trimslash.
 	$(CC) -I. -I$(srcdir) $(CFLAGS) $(CPPFLAGS) -c $< @CC_SHOBJ_FLAG@
 @OBJ_RESTORE@
 
+# NOTE: consider running "packaging/smart-make" instead of "make" to auto-handle
+# any changes to configure.sh and the main Makefile prior to a "make all".
+all: Makefile rsync$(EXEEXT) stunnel-rsyncd.conf @MAKE_RRSYNC@ @MAKE_MAN@
 .PHONY: all
-all: Makefile rsync$(EXEEXT) stunnel-rsyncd.conf @MAKE_MAN@
 
 .PHONY: install
 install: all
-	-${MKDIR_P} ${DESTDIR}${bindir}
-	${INSTALLCMD} ${INSTALL_STRIP} -m 755 rsync$(EXEEXT) ${DESTDIR}${bindir}
-	${INSTALLCMD} -m 755 $(srcdir)/rsync-ssl ${DESTDIR}${bindir}
-	-${MKDIR_P} ${DESTDIR}${mandir}/man1
-	-${MKDIR_P} ${DESTDIR}${mandir}/man5
-	if test -f rsync.1; then ${INSTALLMAN} -m 644 rsync.1 ${DESTDIR}${mandir}/man1; fi
-	if test -f rsync-ssl.1; then ${INSTALLMAN} -m 644 rsync-ssl.1 ${DESTDIR}${mandir}/man1; fi
-	if test -f rsyncd.conf.5; then ${INSTALLMAN} -m 644 rsyncd.conf.5 ${DESTDIR}${mandir}/man5; fi
+	-$(MKDIR_P) $(DESTDIR)$(bindir)
+	$(INSTALLCMD) $(INSTALL_STRIP) -m 755 rsync$(EXEEXT) $(DESTDIR)$(bindir)
+	$(INSTALLCMD) -m 755 $(srcdir)/rsync-ssl $(DESTDIR)$(bindir)
+	-$(MKDIR_P) $(DESTDIR)$(mandir)/man1
+	-$(MKDIR_P) $(DESTDIR)$(mandir)/man5
+	for fn in rsync.1 rsync-ssl.1; do \
+	    if test -f $$fn; then $(INSTALLMAN) -m 644 $$fn $(DESTDIR)$(mandir)/man1; \
+	    elif test -f $(srcdir)/$$fn; then $(INSTALLMAN) -m 644 $(srcdir)/$$fn $(DESTDIR)$(mandir)/man1; fi; \
+	done
+	for fn in rsyncd.conf.5; do \
+	    if test -f $$fn; then $(INSTALLMAN) -m 644 $$fn $(DESTDIR)$(mandir)/man5; \
+	    elif test -f $(srcdir)/$$fn; then $(INSTALLMAN) -m 644 $(srcdir)/$$fn $(DESTDIR)$(mandir)/man5; fi; \
+	done
+	if test "$(with_rrsync)" = yes; then \
+	    $(INSTALLCMD) -m 755 rrsync $(DESTDIR)$(bindir); \
+	    fn=rrsync.1; \
+	    if test -f $$fn; then $(INSTALLMAN) -m 644 $$fn $(DESTDIR)$(mandir)/man1; \
+	    elif test -f $(srcdir)/$$fn; then $(INSTALLMAN) -m 644 $(srcdir)/$$fn $(DESTDIR)$(mandir)/man1; fi; \
+	fi
 
 install-ssl-daemon: stunnel-rsyncd.conf
-	-${MKDIR_P} ${DESTDIR}/etc/stunnel
-	${INSTALLCMD} -m 644 stunnel-rsyncd.conf ${DESTDIR}/etc/stunnel/rsyncd.conf
+	-$(MKDIR_P) $(DESTDIR)/etc/stunnel
+	$(INSTALLCMD) -m 644 stunnel-rsyncd.conf $(DESTDIR)/etc/stunnel/rsyncd.conf
 	@if ! ls /etc/rsync-ssl/certs/server.* >/dev/null 2>/dev/null; then \
 	    echo "Note that you'll need to install the certificate used by /etc/stunnel/rsyncd.conf"; \
 	fi
 
-install-all: install install-ssl-client install-ssl-daemon
+install-all: install install-ssl-daemon
 
 install-strip:
 	$(MAKE) INSTALL_STRIP='-s' install
 
+.PHONY: uninstall
+uninstall:
+	rm -f $(DESTDIR)$(bindir)/rsync$(EXEEXT) $(DESTDIR)$(bindir)/rsync-ssl
+	rm -f $(DESTDIR)$(bindir)/rrsync
+	rm -f $(DESTDIR)$(mandir)/man1/rsync.1 $(DESTDIR)$(mandir)/man1/rsync-ssl.1
+	rm -f $(DESTDIR)$(mandir)/man1/rrsync.1
+	rm -f $(DESTDIR)$(mandir)/man5/rsyncd.conf.5
+
+.PHONY: uninstall-ssl-daemon
+uninstall-ssl-daemon:
+	rm -f $(DESTDIR)/etc/stunnel/rsyncd.conf
+
+.PHONY: uninstall-all
+uninstall-all: uninstall uninstall-ssl-daemon
+
 rsync$(EXEEXT): $(OBJS)
 	$(CC) $(CFLAGS) $(LDFLAGS) -o $@ $(OBJS) $(LIBS)
 
+rrsync: support/rrsync
+	cp -p $(srcdir)/support/rrsync rrsync
+
 $(OBJS): $(HEADERS)
 $(CHECK_OBJS): $(HEADERS)
 tls.o xattrs.o: lib/sysxattrs.h
-options.o: latest-year.h help-rsync.h help-rsyncd.h
-exclude.o: default-cvsignore.h
-loadparm.o: default-dont-compress.h
+usage.o: version.h latest-year.h help-rsync.h help-rsyncd.h git-version.h default-cvsignore.h
+loadparm.o: default-dont-compress.h daemon-parm.h
 
 flist.o: rounding.h
 
@@ -111,6 +146,9 @@ default-cvsignore.h default-dont-compress.h: rsync.1.md define-from-md.awk
 help-rsync.h help-rsyncd.h: rsync.1.md help-from-md.awk
 	$(AWK) -f $(srcdir)/help-from-md.awk -v hfile=$@ $(srcdir)/rsync.1.md
 
+daemon-parm.h: daemon-parm.txt daemon-parm.awk
+	$(AWK) -f $(srcdir)/daemon-parm.awk $(srcdir)/daemon-parm.txt
+
 rounding.h: rounding.c rsync.h proto.h
 	@for r in 0 1 3; do \
 	    if $(CC) $(CFLAGS) $(CPPFLAGS) $(LDFLAGS) -o rounding -DEXTRA_ROUNDING=$$r -I. $(srcdir)/rounding.c >rounding.out 2>&1; then \
@@ -129,11 +167,20 @@ rounding.h: rounding.c rsync.h proto.h
 	fi
 	@rm -f rounding.out
 
-simd-checksum-x86_64.o: simd-checksum-x86_64.cpp
-	@$(srcdir)/cmdormsg disable-simd $(CXX) -I. $(CXXFLAGS) $(CPPFLAGS) -c -o $@ $(srcdir)/simd-checksum-x86_64.cpp
+git-version.h: ALWAYS_RUN
+	$(srcdir)/mkgitver
 
-lib/md5-asm-x86_64.o: lib/md5-asm-x86_64.S config.h lib/md-defines.h
-	@$(srcdir)/cmdormsg disable-asm $(CC) -I. @NOEXECSTACK@ -c -o $@ $(srcdir)/lib/md5-asm-x86_64.S
+.PHONY: ALWAYS_RUN
+ALWAYS_RUN:
+
+simd-checksum-x86_64.o: simd-checksum-x86_64.cpp
+	@$(srcdir)/cmd-or-msg disable-roll-simd $(CXX) -I. $(CXXFLAGS) $(CPPFLAGS) -c -o $@ $(srcdir)/simd-checksum-x86_64.cpp
+
+simd-checksum-avx2.o: simd-checksum-avx2.S
+	@$(srcdir)/cmd-or-msg disable-roll-asm $(CC) $(CFLAGS) -I. @NOEXECSTACK@ -c -o $@ $(srcdir)/simd-checksum-avx2.S
+
+lib/md5-asm-x86_64.o: lib/md5-asm-x86_64.S lib/md-defines.h
+	@$(srcdir)/cmd-or-msg disable-md5-asm $(CC) -I. @NOEXECSTACK@ -c -o $@ $(srcdir)/lib/md5-asm-x86_64.S
 
 tls$(EXEEXT): $(TLS_OBJ)
 	$(CC) $(CFLAGS) $(LDFLAGS) -o $@ $(TLS_OBJ) $(LIBS)
@@ -147,23 +194,27 @@ getgroups$(EXEEXT): getgroups.o
 getfsdev$(EXEEXT): getfsdev.o
 	$(CC) $(CFLAGS) $(LDFLAGS) -o $@ getfsdev.o $(LIBS)
 
-TRIMSLASH_OBJ = trimslash.o syscall.o t_stub.o lib/compat.o lib/snprintf.o
+TRIMSLASH_OBJ = trimslash.o syscall.o android.o util2.o t_stub.o lib/compat.o lib/snprintf.o
 trimslash$(EXEEXT): $(TRIMSLASH_OBJ)
 	$(CC) $(CFLAGS) $(LDFLAGS) -o $@ $(TRIMSLASH_OBJ) $(LIBS)
 
-T_UNSAFE_OBJ = t_unsafe.o syscall.o util.o util2.o t_stub.o lib/compat.o lib/snprintf.o lib/wildmatch.o
+T_UNSAFE_OBJ = t_unsafe.o syscall.o android.o util1.o util2.o t_stub.o lib/compat.o lib/snprintf.o lib/wildmatch.o
 t_unsafe$(EXEEXT): $(T_UNSAFE_OBJ)
 	$(CC) $(CFLAGS) $(LDFLAGS) -o $@ $(T_UNSAFE_OBJ) $(LIBS)
 
+T_CHMOD_SECURE_OBJ = t_chmod_secure.o syscall.o android.o util1.o util2.o t_stub.o lib/compat.o lib/snprintf.o lib/wildmatch.o lib/permstring.o
+t_chmod_secure$(EXEEXT): $(T_CHMOD_SECURE_OBJ)
+	$(CC) $(CFLAGS) $(LDFLAGS) -o $@ $(T_CHMOD_SECURE_OBJ) $(LIBS)
+
+T_SECURE_RELPATH_OBJ = t_secure_relpath.o syscall.o android.o util1.o util2.o t_stub.o lib/compat.o lib/snprintf.o lib/wildmatch.o lib/permstring.o
+t_secure_relpath$(EXEEXT): $(T_SECURE_RELPATH_OBJ)
+	$(CC) $(CFLAGS) $(LDFLAGS) -o $@ $(T_SECURE_RELPATH_OBJ) $(LIBS)
+
 .PHONY: conf
 conf: configure.sh config.h.in
 
 .PHONY: gen
-gen: conf proto.h man
-
-.PHONY: gensend
-gensend: gen
-	rsync -aic $(GENFILES) $${SAMBA_HOST-samba.org}:/home/ftp/pub/rsync/generated-files/
+gen: conf proto.h man git-version.h
 
 aclocal.m4: $(srcdir)/m4/*.m4
 	aclocal -I $(srcdir)/m4
@@ -185,7 +236,7 @@ configure.sh config.h.in: configure.ac aclocal.m4
 	else \
 	    echo "config.h.in has CHANGED."; \
 	fi
-	@if test -f configure.sh.old -o -f config.h.in.old; then \
+	@if test -f configure.sh.old || test -f config.h.in.old; then \
 	    if test "$(MAKECMDGOALS)" = reconfigure; then \
 		echo 'Continuing with "make reconfigure".'; \
 	    else \
@@ -228,25 +279,31 @@ proto: proto.h-tstamp
 proto.h: proto.h-tstamp
 	@if test -f proto.h; then :; else cp -p $(srcdir)/proto.h .; fi
 
-proto.h-tstamp: $(srcdir)/*.c $(srcdir)/lib/compat.c config.h
-	$(AWK) -f $(srcdir)/mkproto.awk $(srcdir)/*.c $(srcdir)/lib/compat.c
+proto.h-tstamp: $(srcdir)/*.c $(srcdir)/lib/compat.c daemon-parm.h
+	$(AWK) -f $(srcdir)/mkproto.awk $(srcdir)/*.c $(srcdir)/lib/compat.c daemon-parm.h
 
 .PHONY: man
-man: rsync.1 rsync-ssl.1 rsyncd.conf.5
+man: rsync.1 rsync-ssl.1 rsyncd.conf.5 @MAKE_RRSYNC_1@
 
-rsync.1: rsync.1.md md2man version.h Makefile
-	@$(srcdir)/maybe-make-man $(srcdir) rsync.1.md
+rsync.1: rsync.1.md md-convert version.h Makefile
+	@$(srcdir)/maybe-make-man rsync.1.md
 
-rsync-ssl.1: rsync-ssl.1.md md2man version.h Makefile
-	@$(srcdir)/maybe-make-man $(srcdir) rsync-ssl.1.md
+rsync-ssl.1: rsync-ssl.1.md md-convert version.h Makefile
+	@$(srcdir)/maybe-make-man rsync-ssl.1.md
 
-rsyncd.conf.5: rsyncd.conf.5.md md2man version.h Makefile
-	@$(srcdir)/maybe-make-man $(srcdir) rsyncd.conf.5.md
+rsyncd.conf.5: rsyncd.conf.5.md md-convert version.h Makefile
+	@$(srcdir)/maybe-make-man rsyncd.conf.5.md
+
+rrsync.1: support/rrsync.1.md md-convert Makefile
+	@$(srcdir)/maybe-make-man support/rrsync.1.md
 
 .PHONY: clean
 clean: cleantests
-	rm -f *~ $(OBJS) $(CHECK_PROGS) $(CHECK_OBJS) $(CHECK_SYMLINKS) \
-		rounding rounding.h *.old rsync*.1 rsync*.5 rsync*.html
+	rm -f *~ $(OBJS) $(CHECK_PROGS) $(CHECK_OBJS) $(CHECK_SYMLINKS) @MAKE_RRSYNC@ \
+		git-version.h rounding rounding.h *.old rsync*.1 rsync*.5 @MAKE_RRSYNC_1@ \
+		*.html daemon-parm.h help-*.h default-*.h proto.h proto.h-tstamp
+	rm -f *.gcno *.gcda lib/*.gcno lib/*.gcda zlib/*.gcno zlib/*.gcda popt/*.gcno popt/*.gcda
+	rm -rf coverage coverage-tcp coverage-all coverage-fallback
 
 .PHONY: cleantests
 cleantests:
@@ -257,16 +314,11 @@ cleantests:
 # the source directory.
 .PHONY: distclean
 distclean: clean
-	rm -f Makefile config.h config.status
-	rm -f stunnel-rsyncd.conf
-	rm -f lib/dummy popt/dummy zlib/dummy
-	rm -f $(srcdir)/Makefile $(srcdir)/config.h $(srcdir)/config.status
-	rm -f $(srcdir)/lib/dummy $(srcdir)/popt/dummy $(srcdir)/zlib/dummy
-	rm -f config.cache config.log
-	rm -f $(srcdir)/config.cache $(srcdir)/config.log
-	rm -f shconfig $(srcdir)/shconfig
-	rm -f $(GENFILES)
-	rm -rf autom4te.cache
+	for dir in $(srcdir) . ; do \
+	    (cd "$$dir" && rm -rf Makefile config.h config.status stunnel-rsyncd.conf \
+	     lib/dummy popt/dummy zlib/dummy config.cache config.log shconfig \
+	     $(GENFILES) autom4te.cache) ; \
+	done
 
 # this target is really just for my use. It only works on a limited
 # range of machines and is used to produce a list of potentially
@@ -276,6 +328,7 @@ finddead:
 	nm *.o */*.o |grep 'U ' | awk '{print $$2}' | sort -u > nmused.txt
 	nm *.o */*.o |grep 'T ' | awk '{print $$3}' | sort -u > nmfns.txt
 	comm -13 nmused.txt nmfns.txt
+	@rm nmused.txt nmfns.txt
 
 # 'check' is the GNU name, 'test' is the name for everybody else :-)
 .PHONY: test
@@ -291,30 +344,139 @@ test: check
 # catch Bash-isms earlier even if we're running on GNU.  Of course, we
 # might lose in the future where POSIX diverges from old sh.
 
+# `make check` runs tests in parallel by default. Override with
+# `make check CHECK_J=1` (serial) or any other value.
+CHECK_J = 8
+
+# Parallelism for `make coverage`. Defaults to the same as CHECK_J: the
+# coverage build sets -fprofile-update=atomic (atomic in-memory counters) and
+# gcc's libgcov serializes the per-source .gcda read-modify-write merge with a
+# file lock, so concurrent rsync processes (incl. the forked sender/generator/
+# receiver) accumulate exactly -- verified by a count-linearity check (a hot
+# line accumulates identically at -j1 and -P16). Override with
+# `make coverage COVERAGE_J=1` if your libgcov does not lock .gcda merges.
+COVERAGE_J = $(CHECK_J)
+
+# Output directory and extra runtests.py flags for `make coverage`. The
+# `coverage-tcp` target reuses the coverage recipe with --use-tcp (real
+# loopback rsyncd, which exercises the TCP accept/auth path and the
+# require_tcp-only tests) and a separate output directory.
+COVERAGE_DIR = coverage
+COVERAGE_RUNFLAGS =
+
+# Bundled third-party code that rsync ships but does not own; excluded from the
+# coverage report so the percentages reflect rsync's own source. zlib/ and popt/
+# are wholly vendored; the named lib/ files are PostgreSQL (getaddrinfo) and ISC
+# (inet_ntop/inet_pton) / standalone (getpass) imports. The other lib/*.c
+# (md5, mdfour, wildmatch, permstring, pool_alloc, snprintf, sysacls, sysxattrs,
+# compat) are rsync's own and stay in the report.
+COVERAGE_EXCLUDE = -e '(^|/)zlib/' -e '(^|/)popt/' \
+	-e '(^|/)lib/(getaddrinfo|getpass|inet_ntop|inet_pton)\.'
+
+# Build everything the test suite needs (rsync + helper programs + symlinks)
+# WITHOUT running it. Used by CI jobs that invoke runtests.py directly with
+# custom options (e.g. the version-mix workflow's --rsync-bin2/--expect-result).
+.PHONY: check-progs
+check-progs: all $(CHECK_PROGS) $(CHECK_SYMLINKS)
+
 .PHONY: check
 check: all $(CHECK_PROGS) $(CHECK_SYMLINKS)
-	rsync_bin=`pwd`/rsync$(EXEEXT) $(srcdir)/runtests.sh
+	$(srcdir)/runtests.py --rsync-bin=`pwd`/rsync$(EXEEXT) -j $(CHECK_J)
 
 .PHONY: check29
 check29: all $(CHECK_PROGS) $(CHECK_SYMLINKS)
-	rsync_bin=`pwd`/rsync$(EXEEXT) $(srcdir)/runtests.sh --protocol=29
+	$(srcdir)/runtests.py --rsync-bin=`pwd`/rsync$(EXEEXT) -j $(CHECK_J) --protocol=29
 
 .PHONY: check30
 check30: all $(CHECK_PROGS) $(CHECK_SYMLINKS)
-	rsync_bin=`pwd`/rsync$(EXEEXT) $(srcdir)/runtests.sh --protocol=30
+	$(srcdir)/runtests.py --rsync-bin=`pwd`/rsync$(EXEEXT) -j $(CHECK_J) --protocol=30
+
+# Whole-suite gcov coverage report (HTML, with branch + decision coverage).
+# Requires a build configured with --enable-coverage and the `gcovr` tool
+# (pip install gcovr). Runs the suite in parallel (COVERAGE_J, default CHECK_J):
+# this is safe because the coverage build uses -fprofile-update=atomic and
+# libgcov locks the per-source .gcda during its merge, so concurrent rsync
+# processes accumulate exactly (see COVERAGE_J above). Use COVERAGE_J=1 if your
+# toolchain's libgcov does not lock .gcda merges.
+.PHONY: coverage
+coverage: all $(CHECK_PROGS) $(CHECK_SYMLINKS)
+	@case '$(CFLAGS)' in *--coverage*) ;; \
+	  *) echo "*** not a coverage build; reconfigure with --enable-coverage"; exit 1 ;; esac
+	@command -v gcovr >/dev/null 2>&1 || { echo "*** gcovr not found (pip install gcovr)"; exit 1; }
+	find . -name '*.gcda' -delete
+	@rc=0; $(srcdir)/runtests.py --rsync-bin=`pwd`/rsync$(EXEEXT) -j $(COVERAGE_J) $(COVERAGE_RUNFLAGS) || rc=$$?; \
+	  rm -rf $(COVERAGE_DIR) && mkdir -p $(COVERAGE_DIR); \
+	  gcovr --root $(srcdir) $(COVERAGE_EXCLUDE) --decisions --print-summary \
+	      --html-details -o $(COVERAGE_DIR)/index.html . || exit $$?; \
+	  echo "Coverage report written to $(COVERAGE_DIR)/index.html"; \
+	  if test $$rc != 0; then \
+	    echo "*** test suite FAILED (status $$rc) -- coverage report still written above"; \
+	  fi; \
+	  exit $$rc
+
+# Same as `make coverage` but with the daemon tests run over a real loopback
+# rsyncd (--use-tcp), into a separate report directory.
+.PHONY: coverage-tcp
+coverage-tcp:
+	$(MAKE) coverage COVERAGE_RUNFLAGS=--use-tcp COVERAGE_DIR=coverage-tcp
+
+# Comprehensive single report: run the suite under several configurations,
+# accumulating into the shared .gcda counters (NOT cleared between runs), then
+# emit one merged, rsync-scoped report. Covers the default (pipe) transport, the
+# protocol-29/30 compat branches, and the real-TCP daemon path (which also runs
+# the require_tcp-only tests). Run under sudo to additionally cover root-only
+# paths (devices, chown, use-chroot, protected-regular). Local target -- CI uses
+# the plain `coverage`/`coverage-tcp` targets.
+.PHONY: coverage-all
+coverage-all: all $(CHECK_PROGS) $(CHECK_SYMLINKS)
+	@case '$(CFLAGS)' in *--coverage*) ;; \
+	  *) echo "*** not a coverage build; reconfigure with --enable-coverage"; exit 1 ;; esac
+	@command -v gcovr >/dev/null 2>&1 || { echo "*** gcovr not found (pip install gcovr)"; exit 1; }
+	find . -name '*.gcda' -delete
+	@rc=0; \
+	  for cfg in '' '--protocol=30' '--protocol=29' '--use-tcp'; do \
+	    echo "===== coverage-all: runtests.py $$cfg ====="; \
+	    $(srcdir)/runtests.py --rsync-bin=`pwd`/rsync$(EXEEXT) -j $(COVERAGE_J) $$cfg || rc=$$?; \
+	  done; \
+	  rm -rf coverage-all && mkdir -p coverage-all; \
+	  gcovr --root $(srcdir) $(COVERAGE_EXCLUDE) --decisions --print-summary \
+	      --html-details -o coverage-all/index.html . || exit $$?; \
+	  echo "Merged coverage report written to coverage-all/index.html"; \
+	  if test $$rc != 0; then \
+	    echo "*** some suite runs FAILED (status $$rc) -- report still written above"; \
+	  fi; \
+	  exit $$rc
+
+# Coverage for the portable (non-openat2) resolver tier. Requires a SEPARATE
+# build configured with --enable-coverage --disable-openat2: its .gcno differ
+# from the openat2 build, so this report cannot be merged with the others.
+.PHONY: coverage-fallback
+coverage-fallback:
+	$(MAKE) coverage COVERAGE_DIR=coverage-fallback
 
 wildtest.o: wildtest.c t_stub.o lib/wildmatch.c rsync.h config.h
 wildtest$(EXEEXT): wildtest.o lib/compat.o lib/snprintf.o @BUILD_POPT@
 	$(CC) $(CFLAGS) $(LDFLAGS) -o $@ wildtest.o lib/compat.o lib/snprintf.o @BUILD_POPT@ $(LIBS)
 
-testsuite/chown-fake.test:
-	ln -s chown.test $(srcdir)/testsuite/chown-fake.test
+simdtest$(EXEEXT): simd-checksum-x86_64.cpp $(HEADERS)
+	@if test x"@ROLL_SIMD@" != x; then \
+	    $(CXX) -I. $(CXXFLAGS) $(CPPFLAGS) $(LDFLAGS) -DTEST_SIMD_CHECKSUM1 \
+	        -o $@ $(srcdir)/simd-checksum-x86_64.cpp @ROLL_ASM@ $(LIBS); \
+	else \
+	    touch $@; \
+	fi
 
-testsuite/devices-fake.test:
-	ln -s devices.test $(srcdir)/testsuite/devices-fake.test
+testsuite/chown-fake_test.py:
+	ln -s chown_test.py $(srcdir)/testsuite/chown-fake_test.py
 
-testsuite/xattrs-hlink.test:
-	ln -s xattrs.test $(srcdir)/testsuite/xattrs-hlink.test
+testsuite/devices-fake_test.py:
+	ln -s devices_test.py $(srcdir)/testsuite/devices-fake_test.py
+
+testsuite/xattrs-hlink_test.py:
+	ln -s xattrs_test.py $(srcdir)/testsuite/xattrs-hlink_test.py
+
+testsuite/exclude-lsh_test.py:
+	ln -s exclude_test.py $(srcdir)/testsuite/exclude-lsh_test.py
 
 # This does *not* depend on building or installing: you can use it to
 # check a version installed from a binary or some other source tree,
@@ -322,7 +484,7 @@ testsuite/xattrs-hlink.test:
 
 .PHONY: installcheck
 installcheck: $(CHECK_PROGS) $(CHECK_SYMLINKS)
-	POSIXLY_CORRECT=1 TOOLDIR=`pwd` rsync_bin="$(bindir)/rsync$(EXEEXT)" srcdir="$(srcdir)" $(srcdir)/runtests.sh
+	$(srcdir)/runtests.py --rsync-bin="$(bindir)/rsync$(EXEEXT)" --srcdir="$(srcdir)" --tooldir=`pwd` -j $(CHECK_J)
 
 # TODO: Add 'dist' target; need to know which files will be included
 
@@ -339,4 +501,4 @@ doxygen:
 .PHONY: doxygen-upload
 doxygen-upload:
 	rsync -avzv $(srcdir)/dox/html/ --delete \
-	$${SAMBA_HOST-samba.org}:/home/httpd/html/rsync/doxygen/head/
+	$${RSYNC_SAMBA_HOST-samba.org}:/home/httpd/html/rsync/doxygen/head/

README.md

@@ -23,8 +23,18 @@ options.  To get a complete list of supported options type:
 
     rsync --help
 
-See the manpage for more detailed information.
+See the [manpage][0] for more detailed information.
 
+[0]: https://download.samba.org/pub/rsync/rsync.1
+
+BUILDING AND INSTALLING
+-----------------------
+
+If you need to build rsync yourself, check out the [INSTALL][1] page for
+information on what libraries and packages you can use to get the maximum
+features in your build.
+
+[1]: https://github.com/RsyncProject/rsync/blob/master/INSTALL.md
 
 SETUP
 -----
@@ -55,17 +65,17 @@ RSYNC DAEMONS
 -------------
 
 Rsync can also talk to "rsync daemons" which can provide anonymous or
-authenticated rsync.  See the rsyncd.conf(5) man page for details on how
-to setup an rsync daemon.  See the rsync(1) man page for info on how to
+authenticated rsync.  See the rsyncd.conf(5) manpage for details on how
+to setup an rsync daemon.  See the rsync(1) manpage for info on how to
 connect to an rsync daemon.
 
 
 WEB SITE
 --------
 
-The main rsync web site is here:
+For more information, visit the [main rsync web site][2].
 
->  https://rsync.samba.org/
+[2]: https://rsync.samba.org/
 
 You'll find a FAQ list, downloads, resources, HTML versions of the
 manpages, etc.
@@ -77,66 +87,67 @@ MAILING LISTS
 There is a mailing list for the discussion of rsync and its applications
 that is open to anyone to join.  New releases are announced on this
 list, and there is also an announcement-only mailing list for those that
-want official announcements.  See the mailing-list page for full
-details:
+want official announcements.  See the [mailing-list page][3] for full
+details.
 
->  https://rsync.samba.org/lists.html
+[3]: https://rsync.samba.org/lists.html
+
+
+DISCORD
+-------
+
+There is also an rsync [Discord server][d] for real-time chat about rsync
+and its development.
+
+[d]: https://discord.gg/Avfvy9zhdp
 
 
 BUG REPORTS
 -----------
 
-To visit this web page for full the details on bug reporting:
+The [bug-tracking web page][4] has full details on bug reporting.
 
->  https://rsync.samba.org/bugtracking.html
+[4]: https://rsync.samba.org/bug-tracking.html
 
-That page contains links to the current bug list, and information on how
-to report a bug well.  You might also like to try searching the Internet
-for the error message you've received, or looking in the mailing list
-archives at:
+That page contains links to the current bug list, and information on how to
+do a good job when reporting a bug.  You might also like to try searching
+the Internet for the error message you've received, or looking in the
+[mailing list archives][5].
 
->  https://mail-archive.com/rsync@lists.samba.org/
+[5]: https://mail-archive.com/rsync@lists.samba.org/
 
 To send a bug report, follow the instructions on the bug-tracking
 page of the web site.
 
 Alternately, email your bug report to <rsync@lists.samba.org>.
 
+For security issues please email details of the issue to <rsync.project@gmail.com>.
 
 GIT REPOSITORY
 --------------
 
 If you want to get the very latest version of rsync direct from the
 source code repository, then you will need to use git.  The git repo
-is hosted on github and on samba's site.  Feel free to access it here:
+is hosted [on GitHub][6] and [on Samba's site][7].
 
->  https://github.com/WayneD/rsync
+[6]: https://github.com/RsyncProject/rsync
+[7]: https://git.samba.org/?p=rsync.git;a=summary
 
-A backup git repo is available on the samba site:
+See [the download page][8] for full details on all the ways to grab the
+source.
 
->     git clone git://git.samba.org/rsync.git
-
-See the download page for full details on all the ways to grab the
-source:
-
->  https://rsync.samba.org/download.html
+[8]: https://rsync.samba.org/download.html
 
 
 COPYRIGHT
 ---------
 
-Rsync was originally written by Andrew Tridgell and is currently
-maintained by Wayne Davison.  It has been improved by many developers
-from around the world.
+Rsync was originally written by Andrew Tridgell and Paul Mackerras.  Many
+people from around the world have helped to maintain and improve it.
 
 Rsync may be used, modified and redistributed only under the terms of
-the GNU General Public License, found in the file COPYING in this
-distribution, or at:
+the GNU General Public License, found in the file [COPYING][9] in this
+distribution, or at [the Free Software Foundation][10].
 
->  https://www.fsf.org/licenses/gpl.html
-
-
-AVAILABILITY
-------------
-
-The main web site for rsync is https://rsync.samba.org/
+[9]: https://github.com/RsyncProject/rsync/blob/master/COPYING
+[10]: https://www.fsf.org/licenses/gpl.html

SECURITY.md

@@ -0,0 +1,13 @@
+# Security Policy
+
+## Supported Versions
+
+Only the current release of the software is actively supported.  If you need
+help backporting fixes into an older release, feel free to ask.
+
+## Reporting a Vulnerability
+
+Email your vulnerability information to rsync's maintainer:
+
+  Rsync Project <rsync.project@gmail.com>
+

TODO

@@ -15,7 +15,6 @@ Create more granular verbosity					2003/05/15
 
 DOCUMENTATION --------------------------------------------------------
 Keep list of open issues and todos on the web site
-Perhaps redo manual as SGML
 
 LOGGING --------------------------------------------------------------
 Memory accounting
@@ -213,16 +212,6 @@ DOCUMENTATION --------------------------------------------------------
 
 Keep list of open issues and todos on the web site
 
-                      --          --
-
-
-Perhaps redo manual as SGML
-
-  The man page is getting rather large, and there is more information
-  that ought to be added.
-
-  TexInfo source is probably a dying format.
-
   Linuxdoc looks like the most likely contender.  I know DocBook is
   favoured by some people, but it's so bloody verbose, even with emacs
   support.

access.c

@@ -2,7 +2,7 @@
  * Routines to authenticate access to a daemon (hosts allow/deny).
  *
  * Copyright (C) 1998 Andrew Tridgell
- * Copyright (C) 2004-2020 Wayne Davison
+ * Copyright (C) 2004-2022 Wayne Davison
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by
@@ -20,6 +20,9 @@
 
 #include "rsync.h"
 #include "ifuncs.h"
+#ifdef HAVE_NETGROUP_H
+#include <netgroup.h>
+#endif
 
 static int allow_forward_dns;
 
@@ -34,6 +37,11 @@ static int match_hostname(const char **host_ptr, const char *addr, const char *t
 	if (!host || !*host)
 		return 0;
 
+#ifdef HAVE_INNETGR
+	if (*tok == '@' && tok[1])
+		return innetgr(tok + 1, host, NULL, NULL);
+#endif
+
 	/* First check if the reverse-DNS-determined hostname matches. */
 	if (iwildmatch(tok, host))
 		return 1;
@@ -91,7 +99,7 @@ static void make_mask(char *mask, int plen, int addrlen)
 	return;
 }
 
-static int match_address(const char *addr, const char *tok)
+static int match_address(const char *addr, char *tok)
 {
 	char *p;
 	struct addrinfo hints, *resa, *rest;

acls.c

@@ -3,7 +3,7 @@
  *
  * Copyright (C) 1996 Andrew Tridgell
  * Copyright (C) 1996 Paul Mackerras
- * Copyright (C) 2006-2020 Wayne Davison
+ * Copyright (C) 2006-2022 Wayne Davison
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by
@@ -28,7 +28,7 @@ extern int dry_run;
 extern int am_root;
 extern int read_only;
 extern int list_only;
-extern int orig_umask;
+extern mode_t orig_umask;
 extern int numeric_ids;
 extern int inc_recurse;
 extern int preserve_devices;
@@ -519,6 +519,7 @@ static int get_rsync_acl(const char *fname, rsync_acl *racl,
 
 		sys_acl_free_acl(sacl);
 		if (!ok) {
+			rsyserr(FERROR_XFER, errno, "get_acl: unpack_smb_acl(%s)", fname);
 			return -1;
 		}
 	} else if (no_acl_syscall_error(errno)) {
@@ -696,7 +697,7 @@ static uint32 recv_acl_access(int f, uchar *name_follows_ptr)
 static uchar recv_ida_entries(int f, ida_entries *ent)
 {
 	uchar computed_mask_bits = 0;
-	int i, count = read_varint(f);
+	int i, count = read_varint_bounded(f, 0, MAX_WIRE_ACL_COUNT, "ACL count");
 
 	ent->idas = count ? new_array(id_access, count) : NULL;
 	ent->count = count;
@@ -712,7 +713,7 @@ static uchar recv_ida_entries(int f, ida_entries *ent)
 			else
 				id = recv_group_name(f, id, NULL);
 		} else if (access & NAME_IS_USER) {
-			if (inc_recurse && am_root && !numeric_ids)
+			if (inc_recurse && !numeric_ids)
 				id = match_uid(id);
 		} else {
 			if (inc_recurse && (!am_root || !numeric_ids))
@@ -763,6 +764,8 @@ static int recv_rsync_acl(int f, item_list *racl_list, SMB_ACL_TYPE_T type, mode
 #ifdef HAVE_OSX_ACLS
 	/* If we received a superfluous mask, throw it away. */
 	duo_item->racl.mask_obj = NO_ENTRY;
+	(void)mode;
+	(void)computed_mask_bits;
 #else
 	if (duo_item->racl.names.count && duo_item->racl.mask_obj == NO_ENTRY) {
 		/* Mask must be non-empty with lists. */
@@ -979,7 +982,7 @@ static int set_rsync_acl(const char *fname, acl_duo *duo_item,
 		 && !pack_smb_acl(&duo_item->sacl, &duo_item->racl))
 			return -1;
 #ifdef HAVE_OSX_ACLS
-		mode = 0; /* eliminate compiler warning */
+		(void)mode; /* eliminate compiler warning */
 #else
 		if (type == SMB_ACL_TYPE_ACCESS) {
 			cur_mode = change_sacl_perms(duo_item->sacl, &duo_item->racl, cur_mode, mode);

android.c

@@ -0,0 +1,82 @@
+/*
+ * Android-specific helpers.
+ *
+ * openat2() usability probe
+ * -------------------------
+ * openat2(2) is invoked directly via syscall() because the C library lacked a
+ * wrapper for it for years.  Under a seccomp filter that uses
+ * SECCOMP_RET_TRAP -- as the Android application sandbox does -- a disallowed
+ * syscall raises SIGSYS and *kills the process* rather than failing with
+ * ENOSYS, so inspecting errno after the call is too late.  We therefore probe
+ * openat2() once, behind a temporary SIGSYS handler, so a trapped syscall is
+ * caught and secure_relative_open_linux() can fall back to the portable
+ * per-component O_NOFOLLOW resolver instead of the whole process dying.
+ *
+ * This is only needed on Android, so the probe body is compiled only there.
+ * __ANDROID__ is defined by Bionic's headers and reflects the *target*, not
+ * the build host: it is set both for NDK cross-compiles (from a Linux/macOS
+ * host) and for native Termux builds, and is unset on every other platform.
+ * That makes it a reliable compile-time switch for cross builds -- there is
+ * nothing to detect in configure.  Everywhere else openat2() is never
+ * seccomp-trapped to SIGSYS (a missing syscall simply returns ENOSYS), so
+ * openat2_usable() collapses to a constant 1 with no run-time cost.
+ */
+
+#include "rsync.h"
+
+#if defined(__ANDROID__) && defined(HAVE_OPENAT2)
+
+#include <setjmp.h>
+#include <sys/syscall.h>
+#include <linux/openat2.h>
+
+static sigjmp_buf openat2_probe_env;
+
+static void openat2_probe_handler(int signo)
+{
+	(void)signo;
+	siglongjmp(openat2_probe_env, 1);
+}
+
+#endif
+
+int openat2_usable(void)
+{
+#if defined(__ANDROID__) && defined(HAVE_OPENAT2)
+	static int cached = -1;
+	struct sigaction sa, old_sa;
+
+	if (cached >= 0)
+		return cached;
+
+	memset(&sa, 0, sizeof sa);
+	sa.sa_handler = openat2_probe_handler;
+	sigemptyset(&sa.sa_mask);
+	if (sigaction(SIGSYS, &sa, &old_sa) != 0)
+		return cached = 0;
+
+	if (sigsetjmp(openat2_probe_env, 1) != 0) {
+		/* SIGSYS delivered: openat2 is blocked by a seccomp filter. */
+		cached = 0;
+	} else {
+		struct open_how how;
+		int fd;
+		memset(&how, 0, sizeof how);
+		how.flags = O_RDONLY | O_DIRECTORY;
+		how.resolve = RESOLVE_BENEATH | RESOLVE_NO_MAGICLINKS;
+		fd = syscall(SYS_openat2, AT_FDCWD, ".", &how, sizeof how);
+		if (fd >= 0)
+			close(fd);
+		/* Usable only if the probe actually succeeded.  Any failure --
+		 * ENOSYS (kernel < 5.6), a seccomp SECCOMP_RET_ERRNO denial
+		 * (EPERM/EACCES), or EINVAL (RESOLVE_BENEATH unsupported) --
+		 * means we must fall back to the portable O_NOFOLLOW walk. */
+		cached = fd >= 0;
+	}
+
+	sigaction(SIGSYS, &old_sa, NULL);
+	return cached;
+#else
+	return 1;
+#endif
+}

authenticate.c

@@ -2,7 +2,7 @@
  * Support rsync daemon authentication.
  *
  * Copyright (C) 1998-2000 Andrew Tridgell
- * Copyright (C) 2002-2020 Wayne Davison
+ * Copyright (C) 2002-2022 Wayne Davison
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by
@@ -24,6 +24,7 @@
 
 extern int read_only;
 extern char *password_file;
+extern struct name_num_obj valid_auth_checksums;
 
 /***************************************************************************
 encode a buffer using base64 - simple and slow algorithm. null terminates
@@ -72,9 +73,9 @@ static void gen_challenge(const char *addr, char *challenge)
 	SIVAL(input, 20, tv.tv_usec);
 	SIVAL(input, 24, getpid());
 
-	sum_init(-1, 0);
+	len = sum_init(valid_auth_checksums.negotiated_nni, 0);
 	sum_update(input, sizeof input);
-	len = sum_end(digest);
+	sum_end(digest);
 
 	base64_encode(digest, len, challenge, 0);
 }
@@ -86,10 +87,10 @@ static void generate_hash(const char *in, const char *challenge, char *out)
 	char buf[MAX_DIGEST_LEN];
 	int len;
 
-	sum_init(-1, 0);
+	len = sum_init(valid_auth_checksums.negotiated_nni, 0);
 	sum_update(in, strlen(in));
 	sum_update(challenge, strlen(challenge));
-	len = sum_end(buf);
+	sum_end(buf);
 
 	base64_encode(buf, len, out, 0);
 }
@@ -119,7 +120,7 @@ static const char *check_secret(int module, const char *user, const char *group,
 		if ((st.st_mode & 06) != 0) {
 			rprintf(FLOG, "secrets file must not be other-accessible (see strict modes option)\n");
 			ok = 0;
-		} else if (MY_UID() == 0 && st.st_uid != 0) {
+		} else if (MY_UID() == ROOT_UID && st.st_uid != ROOT_UID) {
 			rprintf(FLOG, "secrets file must be owned by root when running as root (see strict modes)\n");
 			ok = 0;
 		}
@@ -196,7 +197,7 @@ static const char *getpassf(const char *filename)
 			rprintf(FERROR, "ERROR: password file must not be other-accessible\n");
 			exit_cleanup(RERR_SYNTAX);
 		}
-		if (MY_UID() == 0 && st.st_uid != 0) {
+		if (MY_UID() == ROOT_UID && st.st_uid != ROOT_UID) {
 			rprintf(FERROR, "ERROR: password file must be owned by root when running as root\n");
 			exit_cleanup(RERR_SYNTAX);
 		}
@@ -227,7 +228,7 @@ char *auth_server(int f_in, int f_out, int module, const char *host,
 	char *users = lp_auth_users(module);
 	char challenge[MAX_DIGEST_LEN*2];
 	char line[BIGPATHBUFLEN];
-	char **auth_uid_groups = NULL;
+	const char **auth_uid_groups = NULL;
 	int auth_uid_groups_cnt = -1;
 	const char *err = NULL;
 	int group_match = -1;
@@ -238,6 +239,7 @@ char *auth_server(int f_in, int f_out, int module, const char *host,
 	if (!users || !*users)
 		return "";
 
+	negotiate_daemon_auth(f_out, 0);
 	gen_challenge(addr, challenge);
 
 	io_printf(f_out, "%s%s\n", leader, challenge);
@@ -287,7 +289,7 @@ char *auth_server(int f_in, int f_out, int module, const char *host,
 				else {
 					gid_t *gid_array = gid_list.items;
 					auth_uid_groups_cnt = gid_list.count;
-					auth_uid_groups = new_array(char *, auth_uid_groups_cnt);
+					auth_uid_groups = new_array(const char *, auth_uid_groups_cnt);
 					for (j = 0; j < auth_uid_groups_cnt; j++)
 						auth_uid_groups[j] = gid_to_group(gid_array[j]);
 				}
@@ -313,7 +315,7 @@ char *auth_server(int f_in, int f_out, int module, const char *host,
 	else if (opt_ch == 'd')
 		err = "denied by rule";
 	else {
-		char *group = group_match >= 0 ? auth_uid_groups[group_match] : NULL;
+		const char *group = group_match >= 0 ? auth_uid_groups[group_match] : NULL;
 		err = check_secret(module, line, group, challenge, pass);
 	}
 
@@ -324,7 +326,7 @@ char *auth_server(int f_in, int f_out, int module, const char *host,
 		int j;
 		for (j = 0; j < auth_uid_groups_cnt; j++) {
 			if (auth_uid_groups[j])
-				free(auth_uid_groups[j]);
+				free((char*)auth_uid_groups[j]);
 		}
 		free(auth_uid_groups);
 	}
@@ -350,6 +352,7 @@ void auth_client(int fd, const char *user, const char *challenge)
 
 	if (!user || !*user)
 		user = "nobody";
+	negotiate_daemon_auth(-1, 1);
 
 	if (!(pass = getpassf(password_file))
 	 && !(pass = getenv("RSYNC_PASSWORD"))) {

backup.c

@@ -2,7 +2,7 @@
  * Backup handling code.
  *
  * Copyright (C) 1999 Andrew Tridgell
- * Copyright (C) 2003-2020 Wayne Davison
+ * Copyright (C) 2003-2022 Wayne Davison
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by
@@ -39,7 +39,7 @@ static int validate_backup_dir(void)
 {
 	STRUCT_STAT st;
 
-	if (do_lstat(backup_dir_buf, &st) < 0) {
+	if (do_lstat_at(backup_dir_buf, &st) < 0) {
 		if (errno == ENOENT)
 			return 0;
 		rsyserr(FERROR, errno, "backup lstat %s failed", backup_dir_buf);
@@ -98,7 +98,7 @@ static BOOL copy_valid_path(const char *fname)
 	for ( ; b; name = b + 1, b = strchr(name, '/')) {
 		*b = '\0';
 
-		while (do_mkdir(backup_dir_buf, ACCESSPERMS) < 0) {
+		while (do_mkdir_at(backup_dir_buf, ACCESSPERMS) < 0) {
 			if (errno == EEXIST) {
 				val = validate_backup_dir();
 				if (val > 0)
@@ -197,7 +197,7 @@ static inline int link_or_rename(const char *from, const char *to,
 		if (IS_SPECIAL(stp->st_mode) || IS_DEVICE(stp->st_mode))
 			return 0; /* Use copy code. */
 #endif
-		if (do_link(from, to) == 0) {
+		if (do_link_at(from, to) == 0) {
 			if (DEBUG_GTE(BACKUP, 1))
 				rprintf(FINFO, "make_backup: HLINK %s successful.\n", from);
 			return 2;
@@ -207,7 +207,7 @@ static inline int link_or_rename(const char *from, const char *to,
 			return 0;
 	}
 #endif
-	if (do_rename(from, to) == 0) {
+	if (do_rename_at(from, to) == 0) {
 		if (stp->st_nlink > 1 && !S_ISDIR(stp->st_mode)) {
 			/* If someone has hard-linked the file into the backup
 			 * dir, rename() might return success but do nothing! */
@@ -246,7 +246,7 @@ int make_backup(const char *fname, BOOL prefer_rename)
 		goto success;
 	if (errno == EEXIST || errno == EISDIR) {
 		STRUCT_STAT bakst;
-		if (do_lstat(buf, &bakst) == 0) {
+		if (do_lstat_at(buf, &bakst) == 0) {
 			int flags = get_del_for_flag(bakst.st_mode) | DEL_FOR_BACKUP | DEL_RECURSE;
 			if (delete_item(buf, bakst.st_mode, flags) != 0)
 				return 0;
@@ -277,7 +277,7 @@ int make_backup(const char *fname, BOOL prefer_rename)
 	/* Check to see if this is a device file, or link */
 	if ((am_root && preserve_devices && IS_DEVICE(file->mode))
 	 || (preserve_specials && IS_SPECIAL(file->mode))) {
-		if (do_mknod(buf, file->mode, sx.st.st_rdev) < 0)
+		if (do_mknod_at(buf, file->mode, sx.st.st_rdev) < 0)
 			rsyserr(FERROR, errno, "mknod %s failed", full_fname(buf));
 		else if (DEBUG_GTE(BACKUP, 1))
 			rprintf(FINFO, "make_backup: DEVICE %s successful.\n", fname);
@@ -294,7 +294,7 @@ int make_backup(const char *fname, BOOL prefer_rename)
 			}
 			ret = 2;
 		} else {
-			if (do_symlink(sl, buf) < 0)
+			if (do_symlink_at(sl, buf) < 0)
 				rsyserr(FERROR, errno, "link %s -> \"%s\"", full_fname(buf), sl);
 			else if (DEBUG_GTE(BACKUP, 1))
 				rprintf(FINFO, "make_backup: SYMLINK %s successful.\n", fname);
@@ -304,7 +304,8 @@ int make_backup(const char *fname, BOOL prefer_rename)
 #endif
 
 	if (!ret && !S_ISREG(file->mode)) {
-		rprintf(FINFO, "make_bak: skipping non-regular file %s\n", fname);
+		if (INFO_GTE(NONREG, 1))
+			rprintf(FINFO, "make_bak: skipping non-regular file %s\n", fname);
 		unmake_file(file);
 #ifdef SUPPORT_ACLS
 		uncache_tmp_acls();

batch.c

@@ -3,7 +3,7 @@
  *
  * Copyright (C) 1999 Weiss
  * Copyright (C) 2004 Chris Shoemaker
- * Copyright (C) 2004-2020 Wayne Davison
+ * Copyright (C) 2004-2022 Wayne Davison
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by
@@ -75,7 +75,7 @@ static int *flag_ptr[] = {
 	NULL
 };
 
-static char *flag_name[] = {
+static const char *const flag_name[] = {
 	"--recurse (-r)",
 	"--owner (-o)",
 	"--group (-g)",
@@ -194,7 +194,7 @@ static int write_opt(const char *opt, const char *arg)
 {
 	int len = strlen(opt);
 	int err = write(batch_sh_fd, " ", 1) != 1;
-	err = write(batch_sh_fd, opt, len) != len ? 1 : 0; 
+	err = write(batch_sh_fd, opt, len) != len ? 1 : 0;
 	if (arg) {
 		err |= write(batch_sh_fd, "=", 1) != 1;
 		err |= write_arg(arg);

byteorder.h

@@ -2,7 +2,7 @@
  * Simple byteorder handling.
  *
  * Copyright (C) 1992-1995 Andrew Tridgell
- * Copyright (C) 2007-2020 Wayne Davison
+ * Copyright (C) 2007-2022 Wayne Davison
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by
@@ -129,4 +129,3 @@ SIVAL(char *buf, int pos, uint32 val)
 {
 	SIVALu((uchar*)buf, pos, val);
 }
-

checksum.c

@@ -3,7 +3,7 @@
  *
  * Copyright (C) 1996 Andrew Tridgell
  * Copyright (C) 1996 Paul Mackerras
- * Copyright (C) 2004-2020 Wayne Davison
+ * Copyright (C) 2004-2023 Wayne Davison
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by
@@ -29,7 +29,7 @@
 #include "rsync.h"
 
 #ifdef SUPPORT_XXHASH
-#include "xxhash.h"
+#include <xxhash.h>
 # if XXH_VERSION_NUMBER >= 800
 #  define SUPPORT_XXH3 1
 # endif
@@ -42,41 +42,94 @@ extern int protocol_version;
 extern int proper_seed_order;
 extern const char *checksum_choice;
 
-struct name_num_obj valid_checksums = {
-	"checksum", NULL, NULL, 0, 0, {
+#define NNI_BUILTIN (1<<0)
+#define NNI_EVP (1<<1)
+#define NNI_EVP_OK (1<<2)
+
+struct name_num_item valid_checksums_items[] = {
 #ifdef SUPPORT_XXH3
-		{ CSUM_XXH3_128, "xxh128", NULL },
-		{ CSUM_XXH3_64, "xxh3", NULL },
+	{ CSUM_XXH3_128, 0, "xxh128", NULL },
+	{ CSUM_XXH3_64, 0, "xxh3", NULL },
 #endif
 #ifdef SUPPORT_XXHASH
-		{ CSUM_XXH64, "xxh64", NULL },
-		{ CSUM_XXH64, "xxhash", NULL },
+	{ CSUM_XXH64, 0, "xxh64", NULL },
+	{ CSUM_XXH64, 0, "xxhash", NULL },
 #endif
-		{ CSUM_MD5, "md5", NULL },
-		{ CSUM_MD4, "md4", NULL },
-		{ CSUM_NONE, "none", NULL },
-		{ 0, NULL, NULL }
-	}
+	{ CSUM_MD5, NNI_BUILTIN|NNI_EVP, "md5", NULL },
+	{ CSUM_MD4, NNI_BUILTIN|NNI_EVP, "md4", NULL },
+#ifdef SHA_DIGEST_LENGTH
+	{ CSUM_SHA1, NNI_EVP, "sha1", NULL },
+#endif
+	{ CSUM_NONE, 0, "none", NULL },
+	{ 0, 0, NULL, NULL }
 };
 
-int xfersum_type = 0; /* used for the file transfer checksums */
-int checksum_type = 0; /* used for the pre-transfer (--checksum) checksums */
+struct name_num_obj valid_checksums = {
+	"checksum", NULL, 0, 0, valid_checksums_items
+};
 
-int parse_csum_name(const char *name, int len)
+struct name_num_item valid_auth_checksums_items[] = {
+#ifdef SHA512_DIGEST_LENGTH
+	{ CSUM_SHA512, NNI_EVP, "sha512", NULL },
+#endif
+#ifdef SHA256_DIGEST_LENGTH
+	{ CSUM_SHA256, NNI_EVP, "sha256", NULL },
+#endif
+#ifdef SHA_DIGEST_LENGTH
+	{ CSUM_SHA1, NNI_EVP, "sha1", NULL },
+#endif
+	{ CSUM_MD5, NNI_BUILTIN|NNI_EVP, "md5", NULL },
+	{ CSUM_MD4, NNI_BUILTIN|NNI_EVP, "md4", NULL },
+	{ 0, 0, NULL, NULL }
+};
+
+struct name_num_obj valid_auth_checksums = {
+	"daemon auth checksum", NULL, 0, 0, valid_auth_checksums_items
+};
+
+/* These cannot make use of openssl, so they're marked just as built-in */
+struct name_num_item implied_checksum_md4 =
+    { CSUM_MD4, NNI_BUILTIN, "md4", NULL };
+struct name_num_item implied_checksum_md5 =
+    { CSUM_MD5, NNI_BUILTIN, "md5", NULL };
+
+struct name_num_item *xfer_sum_nni; /* used for the transfer checksum2 computations */
+int xfer_sum_len;
+struct name_num_item *file_sum_nni; /* used for the pre-transfer --checksum computations */
+int file_sum_len, file_sum_extra_cnt;
+
+#ifdef USE_OPENSSL
+const EVP_MD *xfer_sum_evp_md;
+const EVP_MD *file_sum_evp_md;
+EVP_MD_CTX *ctx_evp = NULL;
+#endif
+
+static int initialized_choices = 0;
+
+struct name_num_item *parse_csum_name(const char *name, int len)
 {
 	struct name_num_item *nni;
 
 	if (len < 0 && name)
 		len = strlen(name);
 
+	init_checksum_choices();
+
 	if (!name || (len == 4 && strncasecmp(name, "auto", 4) == 0)) {
-		if (protocol_version >= 30)
-			return CSUM_MD5;
-		if (protocol_version >= 27)
-			return CSUM_MD4_OLD;
-		if (protocol_version >= 21)
-			return CSUM_MD4_BUSTED;
-		return CSUM_MD4_ARCHAIC;
+		if (protocol_version >= 30) {
+			if (!proper_seed_order)
+				return &implied_checksum_md5;
+			name = "md5";
+			len = 3;
+		} else {
+			if (protocol_version >= 27)
+				implied_checksum_md4.num = CSUM_MD4_OLD;
+			else if (protocol_version >= 21)
+				implied_checksum_md4.num = CSUM_MD4_BUSTED;
+			else
+				implied_checksum_md4.num = CSUM_MD4_ARCHAIC;
+			return &implied_checksum_md4;
+		}
 	}
 
 	nni = get_nni_by_name(&valid_checksums, name, len);
@@ -86,44 +139,74 @@ int parse_csum_name(const char *name, int len)
 		exit_cleanup(RERR_UNSUPPORTED);
 	}
 
-	return nni->num;
+	return nni;
 }
 
-static const char *checksum_name(int num)
+#ifdef USE_OPENSSL
+static const EVP_MD *csum_evp_md(struct name_num_item *nni)
 {
-	struct name_num_item *nni = get_nni_by_num(&valid_checksums, num);
+	const EVP_MD *emd;
+	if (!(nni->flags & NNI_EVP))
+		return NULL;
 
-	return nni ? nni->name : num < CSUM_MD4 ? "md4" : "UNKNOWN";
+#ifdef USE_MD5_ASM
+	if (nni->num == CSUM_MD5)
+		emd = NULL;
+	else
+#endif
+		emd = EVP_get_digestbyname(nni->name);
+	if (emd && !(nni->flags & NNI_EVP_OK)) { /* Make sure it works before we advertise it */
+		if (!ctx_evp && !(ctx_evp = EVP_MD_CTX_create()))
+			out_of_memory("csum_evp_md");
+		/* Some routines are marked as legacy and are not enabled in the openssl.cnf file.
+		 * If we can't init the emd, we'll fall back to our built-in code. */
+		if (EVP_DigestInit_ex(ctx_evp, emd, NULL) == 0)
+			emd = NULL;
+		else
+			nni->flags = (nni->flags & ~NNI_BUILTIN) | NNI_EVP_OK;
+	}
+	if (!emd)
+		nni->flags &= ~NNI_EVP;
+	return emd;
 }
+#endif
 
 void parse_checksum_choice(int final_call)
 {
-	if (valid_checksums.negotiated_name)
-		xfersum_type = checksum_type = valid_checksums.negotiated_num;
+	if (valid_checksums.negotiated_nni)
+		xfer_sum_nni = file_sum_nni = valid_checksums.negotiated_nni;
 	else {
-		char *cp = checksum_choice ? strchr(checksum_choice, ',') : NULL;
+		const char *cp = checksum_choice ? strchr(checksum_choice, ',') : NULL;
 		if (cp) {
-			xfersum_type = parse_csum_name(checksum_choice, cp - checksum_choice);
-			checksum_type = parse_csum_name(cp+1, -1);
+			xfer_sum_nni = parse_csum_name(checksum_choice, cp - checksum_choice);
+			file_sum_nni = parse_csum_name(cp+1, -1);
 		} else
-			xfersum_type = checksum_type = parse_csum_name(checksum_choice, -1);
+			xfer_sum_nni = file_sum_nni = parse_csum_name(checksum_choice, -1);
 		if (am_server && checksum_choice)
-			validate_choice_vs_env(NSTR_CHECKSUM, xfersum_type, checksum_type);
+			validate_choice_vs_env(NSTR_CHECKSUM, xfer_sum_nni->num, file_sum_nni->num);
 	}
+	xfer_sum_len = csum_len_for_type(xfer_sum_nni->num, 0);
+	file_sum_len = csum_len_for_type(file_sum_nni->num, 0);
+#ifdef USE_OPENSSL
+	xfer_sum_evp_md = csum_evp_md(xfer_sum_nni);
+	file_sum_evp_md = csum_evp_md(file_sum_nni);
+#endif
 
-	if (xfersum_type == CSUM_NONE)
+	file_sum_extra_cnt = (file_sum_len + EXTRA_LEN - 1) / EXTRA_LEN;
+
+	if (xfer_sum_nni->num == CSUM_NONE)
 		whole_file = 1;
 
 	/* Snag the checksum name for both write_batch's option output & the following debug output. */
-	if (valid_checksums.negotiated_name)
-		checksum_choice = valid_checksums.negotiated_name;
+	if (valid_checksums.negotiated_nni)
+		checksum_choice = valid_checksums.negotiated_nni->name;
 	else if (checksum_choice == NULL)
-		checksum_choice = checksum_name(xfersum_type);
+		checksum_choice = xfer_sum_nni->name;
 
 	if (final_call && DEBUG_GTE(NSTR, am_server ? 3 : 1)) {
 		rprintf(FINFO, "%s%s checksum: %s\n",
 			am_server ? "Server" : "Client",
-			valid_checksums.negotiated_name ? " negotiated" : "",
+			valid_checksums.negotiated_nni ? " negotiated" : "",
 			checksum_choice);
 	}
 }
@@ -143,6 +226,18 @@ int csum_len_for_type(int cst, BOOL flist_csum)
 		return MD4_DIGEST_LEN;
 	  case CSUM_MD5:
 		return MD5_DIGEST_LEN;
+#ifdef SHA_DIGEST_LENGTH
+	  case CSUM_SHA1:
+		return SHA_DIGEST_LENGTH;
+#endif
+#ifdef SHA256_DIGEST_LENGTH
+	  case CSUM_SHA256:
+		return SHA256_DIGEST_LENGTH;
+#endif
+#ifdef SHA512_DIGEST_LENGTH
+	  case CSUM_SHA512:
+		return SHA512_DIGEST_LENGTH;
+#endif
 	  case CSUM_XXH64:
 	  case CSUM_XXH3_64:
 		return 64/8;
@@ -168,6 +263,9 @@ int canonical_checksum(int csum_type)
 		break;
 	  case CSUM_MD4:
 	  case CSUM_MD5:
+	  case CSUM_SHA1:
+	  case CSUM_SHA256:
+	  case CSUM_SHA512:
 		return -1;
 	  case CSUM_XXH64:
 	  case CSUM_XXH3_64:
@@ -179,7 +277,7 @@ int canonical_checksum(int csum_type)
 	return 0;
 }
 
-#ifndef HAVE_SIMD /* See simd-checksum-*.cpp. */
+#ifndef USE_ROLL_SIMD /* See simd-checksum-*.cpp. */
 /*
   a simple 32 bit checksum that can be updated from either end
   (inspired by Mark Adler's Adler-32 checksum)
@@ -202,9 +300,25 @@ uint32 get_checksum1(char *buf1, int32 len)
 }
 #endif
 
+/* The "sum" buffer must be at least MAX_DIGEST_LEN bytes! */
 void get_checksum2(char *buf, int32 len, char *sum)
 {
-	switch (xfersum_type) {
+#ifdef USE_OPENSSL
+	if (xfer_sum_evp_md) {
+		static EVP_MD_CTX *evp = NULL;
+		uchar seedbuf[4];
+		if (!evp && !(evp = EVP_MD_CTX_create()))
+			out_of_memory("get_checksum2");
+		EVP_DigestInit_ex(evp, xfer_sum_evp_md, NULL);
+		if (checksum_seed) {
+			SIVALu(seedbuf, 0, checksum_seed);
+			EVP_DigestUpdate(evp, seedbuf, 4);
+		}
+		EVP_DigestUpdate(evp, (uchar *)buf, len);
+		EVP_DigestFinal_ex(evp, (uchar *)sum, NULL);
+	} else
+#endif
+	switch (xfer_sum_nni->num) {
 #ifdef SUPPORT_XXHASH
 	  case CSUM_XXH64:
 		SIVAL64(sum, 0, XXH64(buf, len, checksum_seed));
@@ -222,40 +336,26 @@ void get_checksum2(char *buf, int32 len, char *sum)
 	  }
 #endif
 	  case CSUM_MD5: {
-		MD5_CTX m5;
+		md_context m5;
 		uchar seedbuf[4];
-		MD5_Init(&m5);
+		md5_begin(&m5);
 		if (proper_seed_order) {
 			if (checksum_seed) {
 				SIVALu(seedbuf, 0, checksum_seed);
-				MD5_Update(&m5, seedbuf, 4);
+				md5_update(&m5, seedbuf, 4);
 			}
-			MD5_Update(&m5, (uchar *)buf, len);
+			md5_update(&m5, (uchar *)buf, len);
 		} else {
-			MD5_Update(&m5, (uchar *)buf, len);
+			md5_update(&m5, (uchar *)buf, len);
 			if (checksum_seed) {
 				SIVALu(seedbuf, 0, checksum_seed);
-				MD5_Update(&m5, seedbuf, 4);
+				md5_update(&m5, seedbuf, 4);
 			}
 		}
-		MD5_Final((uchar *)sum, &m5);
+		md5_result(&m5, (uchar *)sum);
 		break;
 	  }
 	  case CSUM_MD4:
-#ifdef USE_OPENSSL
-	  {
-		MD4_CTX m4;
-		MD4_Init(&m4);
-		MD4_Update(&m4, (uchar *)buf, len);
-		if (checksum_seed) {
-			uchar seedbuf[4];
-			SIVALu(seedbuf, 0, checksum_seed);
-			MD4_Update(&m4, seedbuf, 4);
-		}
-		MD4_Final((uchar *)sum, &m4);
-		break;
-	  }
-#endif
 	  case CSUM_MD4_OLD:
 	  case CSUM_MD4_BUSTED:
 	  case CSUM_MD4_ARCHAIC: {
@@ -266,9 +366,8 @@ void get_checksum2(char *buf, int32 len, char *sum)
 
 		mdfour_begin(&m);
 
-		if (len > len1) {
-			if (buf1)
-				free(buf1);
+		if (len > len1 || !buf1) {
+			free(buf1);
 			buf1 = new_array(char, len+4);
 			len1 = len;
 		}
@@ -288,7 +387,7 @@ void get_checksum2(char *buf, int32 len, char *sum)
 		 * are multiples of 64.  This is fixed by calling mdfour_update()
 		 * even when there are no more bytes.
 		 */
-		if (len - i > 0 || xfersum_type > CSUM_MD4_BUSTED)
+		if (len - i > 0 || xfer_sum_nni->num > CSUM_MD4_BUSTED)
 			mdfour_update(&m, (uchar *)(buf1+i), len-i);
 
 		mdfour_result(&m, (uchar *)sum);
@@ -306,15 +405,33 @@ void file_checksum(const char *fname, const STRUCT_STAT *st_p, char *sum)
 	int32 remainder;
 	int fd;
 
-	memset(sum, 0, MAX_DIGEST_LEN);
-
-	fd = do_open(fname, O_RDONLY, 0);
-	if (fd == -1)
+	fd = do_open_checklinks(fname);
+	if (fd == -1) {
+		memset(sum, 0, file_sum_len);
 		return;
+	}
 
 	buf = map_file(fd, len, MAX_MAP_SIZE, CHUNK_SIZE);
 
-	switch (checksum_type) {
+#ifdef USE_OPENSSL
+	if (file_sum_evp_md) {
+		static EVP_MD_CTX *evp = NULL;
+		if (!evp && !(evp = EVP_MD_CTX_create()))
+			out_of_memory("file_checksum");
+
+		EVP_DigestInit_ex(evp, file_sum_evp_md, NULL);
+
+		for (i = 0; i + CHUNK_SIZE <= len; i += CHUNK_SIZE)
+			EVP_DigestUpdate(evp, (uchar *)map_ptr(buf, i, CHUNK_SIZE), CHUNK_SIZE);
+
+		remainder = (int32)(len - i);
+		if (remainder > 0)
+			EVP_DigestUpdate(evp, (uchar *)map_ptr(buf, i, remainder), remainder);
+
+		EVP_DigestFinal_ex(evp, (uchar *)sum, NULL);
+	} else
+#endif
+	switch (file_sum_nni->num) {
 #ifdef SUPPORT_XXHASH
 	  case CSUM_XXH64: {
 		static XXH64_state_t* state = NULL;
@@ -374,38 +491,21 @@ void file_checksum(const char *fname, const STRUCT_STAT *st_p, char *sum)
 	  }
 #endif
 	  case CSUM_MD5: {
-		MD5_CTX m5;
+		md_context m5;
 
-		MD5_Init(&m5);
+		md5_begin(&m5);
 
 		for (i = 0; i + CHUNK_SIZE <= len; i += CHUNK_SIZE)
-			MD5_Update(&m5, (uchar *)map_ptr(buf, i, CHUNK_SIZE), CHUNK_SIZE);
+			md5_update(&m5, (uchar *)map_ptr(buf, i, CHUNK_SIZE), CHUNK_SIZE);
 
 		remainder = (int32)(len - i);
 		if (remainder > 0)
-			MD5_Update(&m5, (uchar *)map_ptr(buf, i, remainder), remainder);
+			md5_update(&m5, (uchar *)map_ptr(buf, i, remainder), remainder);
 
-		MD5_Final((uchar *)sum, &m5);
+		md5_result(&m5, (uchar *)sum);
 		break;
 	  }
 	  case CSUM_MD4:
-#ifdef USE_OPENSSL
-	  {
-		MD4_CTX m4;
-
-		MD4_Init(&m4);
-
-		for (i = 0; i + CHUNK_SIZE <= len; i += CHUNK_SIZE)
-			MD4_Update(&m4, (uchar *)map_ptr(buf, i, CHUNK_SIZE), CHUNK_SIZE);
-
-		remainder = (int32)(len - i);
-		if (remainder > 0)
-			MD4_Update(&m4, (uchar *)map_ptr(buf, i, remainder), remainder);
-
-		MD4_Final((uchar *)sum, &m4);
-		break;
-	  }
-#endif
 	  case CSUM_MD4_OLD:
 	  case CSUM_MD4_BUSTED:
 	  case CSUM_MD4_ARCHAIC: {
@@ -413,15 +513,15 @@ void file_checksum(const char *fname, const STRUCT_STAT *st_p, char *sum)
 
 		mdfour_begin(&m);
 
-		for (i = 0; i + CHUNK_SIZE <= len; i += CHUNK_SIZE)
-			mdfour_update(&m, (uchar *)map_ptr(buf, i, CHUNK_SIZE), CHUNK_SIZE);
+		for (i = 0; i + CSUM_CHUNK <= len; i += CSUM_CHUNK)
+			mdfour_update(&m, (uchar *)map_ptr(buf, i, CSUM_CHUNK), CSUM_CHUNK);
 
 		/* Prior to version 27 an incorrect MD4 checksum was computed
 		 * by failing to call mdfour_tail() for block sizes that
 		 * are multiples of 64.  This is fixed by calling mdfour_update()
 		 * even when there are no more bytes. */
 		remainder = (int32)(len - i);
-		if (remainder > 0 || checksum_type > CSUM_MD4_BUSTED)
+		if (remainder > 0 || file_sum_nni->num > CSUM_MD4_BUSTED)
 			mdfour_update(&m, (uchar *)map_ptr(buf, i, remainder), remainder);
 
 		mdfour_result(&m, (uchar *)sum);
@@ -429,7 +529,7 @@ void file_checksum(const char *fname, const STRUCT_STAT *st_p, char *sum)
 	  }
 	  default:
 		rprintf(FERROR, "Invalid checksum-choice for --checksum: %s (%d)\n",
-			checksum_name(checksum_type), checksum_type);
+			file_sum_nni->name, file_sum_nni->num);
 		exit_cleanup(RERR_UNSUPPORTED);
 	}
 
@@ -438,30 +538,43 @@ void file_checksum(const char *fname, const STRUCT_STAT *st_p, char *sum)
 }
 
 static int32 sumresidue;
-static union {
-	md_context md;
-#ifdef USE_OPENSSL
-	MD4_CTX m4;
-#endif
-	MD5_CTX m5;
-} ctx;
+static md_context ctx_md;
 #ifdef SUPPORT_XXHASH
 static XXH64_state_t* xxh64_state;
 #endif
 #ifdef SUPPORT_XXH3
 static XXH3_state_t* xxh3_state;
 #endif
-static int cursum_type;
+static struct name_num_item *cur_sum_nni;
+int cur_sum_len;
 
-void sum_init(int csum_type, int seed)
+#ifdef USE_OPENSSL
+static const EVP_MD *cur_sum_evp_md;
+#endif
+
+/* Initialize a hash digest accumulator.  Data is supplied via
+ * sum_update() and the resulting binary digest is retrieved via
+ * sum_end().  This only supports one active sum at a time. */
+int sum_init(struct name_num_item *nni, int seed)
 {
 	char s[4];
 
-	if (csum_type < 0)
-		csum_type = parse_csum_name(NULL, 0);
-	cursum_type = csum_type;
+	if (!nni)
+		nni = parse_csum_name(NULL, 0);
+	cur_sum_nni = nni;
+	cur_sum_len = csum_len_for_type(nni->num, 0);
+#ifdef USE_OPENSSL
+	cur_sum_evp_md = csum_evp_md(nni);
+#endif
 
-	switch (csum_type) {
+#ifdef USE_OPENSSL
+	if (cur_sum_evp_md) {
+		if (!ctx_evp && !(ctx_evp = EVP_MD_CTX_create()))
+			out_of_memory("file_checksum");
+		EVP_DigestInit_ex(ctx_evp, cur_sum_evp_md, NULL);
+	} else
+#endif
+	switch (cur_sum_nni->num) {
 #ifdef SUPPORT_XXHASH
 	  case CSUM_XXH64:
 		if (!xxh64_state && !(xxh64_state = XXH64_createState()))
@@ -482,20 +595,16 @@ void sum_init(int csum_type, int seed)
 		break;
 #endif
 	  case CSUM_MD5:
-		MD5_Init(&ctx.m5);
+		md5_begin(&ctx_md);
 		break;
 	  case CSUM_MD4:
-#ifdef USE_OPENSSL
-		MD4_Init(&ctx.m4);
-#else
-		mdfour_begin(&ctx.md);
+		mdfour_begin(&ctx_md);
 		sumresidue = 0;
-#endif
 		break;
 	  case CSUM_MD4_OLD:
 	  case CSUM_MD4_BUSTED:
 	  case CSUM_MD4_ARCHAIC:
-		mdfour_begin(&ctx.md);
+		mdfour_begin(&ctx_md);
 		sumresidue = 0;
 		SIVAL(s, 0, seed);
 		sum_update(s, 4);
@@ -505,19 +614,19 @@ void sum_init(int csum_type, int seed)
 	  default: /* paranoia to prevent missing case values */
 		exit_cleanup(RERR_UNSUPPORTED);
 	}
+
+	return cur_sum_len;
 }
 
-/**
- * Feed data into an MD4 accumulator, md.  The results may be
- * retrieved using sum_end().  md is used for different purposes at
- * different points during execution.
- *
- * @todo Perhaps get rid of md and just pass in the address each time.
- * Very slightly clearer and slower.
- **/
+/* Feed data into a hash digest accumulator. */
 void sum_update(const char *p, int32 len)
 {
-	switch (cursum_type) {
+#ifdef USE_OPENSSL
+	if (cur_sum_evp_md) {
+		EVP_DigestUpdate(ctx_evp, (uchar *)p, len);
+	} else
+#endif
+	switch (cur_sum_nni->num) {
 #ifdef SUPPORT_XXHASH
 	  case CSUM_XXH64:
 		XXH64_update(xxh64_state, p, len);
@@ -532,39 +641,35 @@ void sum_update(const char *p, int32 len)
 		break;
 #endif
 	  case CSUM_MD5:
-		MD5_Update(&ctx.m5, (uchar *)p, len);
+		md5_update(&ctx_md, (uchar *)p, len);
 		break;
 	  case CSUM_MD4:
-#ifdef USE_OPENSSL
-		MD4_Update(&ctx.m4, (uchar *)p, len);
-		break;
-#endif
 	  case CSUM_MD4_OLD:
 	  case CSUM_MD4_BUSTED:
 	  case CSUM_MD4_ARCHAIC:
 		if (len + sumresidue < CSUM_CHUNK) {
-			memcpy(ctx.md.buffer + sumresidue, p, len);
+			memcpy(ctx_md.buffer + sumresidue, p, len);
 			sumresidue += len;
 			break;
 		}
 
 		if (sumresidue) {
 			int32 i = CSUM_CHUNK - sumresidue;
-			memcpy(ctx.md.buffer + sumresidue, p, i);
-			mdfour_update(&ctx.md, (uchar *)ctx.md.buffer, CSUM_CHUNK);
+			memcpy(ctx_md.buffer + sumresidue, p, i);
+			mdfour_update(&ctx_md, (uchar *)ctx_md.buffer, CSUM_CHUNK);
 			len -= i;
 			p += i;
 		}
 
 		while (len >= CSUM_CHUNK) {
-			mdfour_update(&ctx.md, (uchar *)p, CSUM_CHUNK);
+			mdfour_update(&ctx_md, (uchar *)p, CSUM_CHUNK);
 			len -= CSUM_CHUNK;
 			p += CSUM_CHUNK;
 		}
 
 		sumresidue = len;
 		if (sumresidue)
-			memcpy(ctx.md.buffer, p, sumresidue);
+			memcpy(ctx_md.buffer, p, sumresidue);
 		break;
 	  case CSUM_NONE:
 		break;
@@ -573,13 +678,18 @@ void sum_update(const char *p, int32 len)
 	}
 }
 
-/* NOTE: all the callers of sum_end() pass in a pointer to a buffer that is
- * MAX_DIGEST_LEN in size, so even if the csum-len is shorter that that (i.e.
- * CSUM_MD4_ARCHAIC), we don't have to worry about limiting the data we write
- * into the "sum" buffer. */
-int sum_end(char *sum)
+/* The sum buffer only needs to be as long as the current checksum's digest
+ * len, not MAX_DIGEST_LEN. Note that for CSUM_MD4_ARCHAIC that is the full
+ * MD4_DIGEST_LEN even if the file-list code is going to ignore all but the
+ * first 2 bytes of it. */
+void sum_end(char *sum)
 {
-	switch (cursum_type) {
+#ifdef USE_OPENSSL
+	if (cur_sum_evp_md) {
+		EVP_DigestFinal_ex(ctx_evp, (uchar *)sum, NULL);
+	} else
+#endif
+	switch (cur_sum_nni->num) {
 #ifdef SUPPORT_XXHASH
 	  case CSUM_XXH64:
 		SIVAL64(sum, 0, XXH64_digest(xxh64_state));
@@ -597,22 +707,18 @@ int sum_end(char *sum)
 	  }
 #endif
 	  case CSUM_MD5:
-		MD5_Final((uchar *)sum, &ctx.m5);
+		md5_result(&ctx_md, (uchar *)sum);
 		break;
 	  case CSUM_MD4:
-#ifdef USE_OPENSSL
-		MD4_Final((uchar *)sum, &ctx.m4);
-		break;
-#endif
 	  case CSUM_MD4_OLD:
-		mdfour_update(&ctx.md, (uchar *)ctx.md.buffer, sumresidue);
-		mdfour_result(&ctx.md, (uchar *)sum);
+		mdfour_update(&ctx_md, (uchar *)ctx_md.buffer, sumresidue);
+		mdfour_result(&ctx_md, (uchar *)sum);
 		break;
 	  case CSUM_MD4_BUSTED:
 	  case CSUM_MD4_ARCHAIC:
 		if (sumresidue)
-			mdfour_update(&ctx.md, (uchar *)ctx.md.buffer, sumresidue);
-		mdfour_result(&ctx.md, (uchar *)sum);
+			mdfour_update(&ctx_md, (uchar *)ctx_md.buffer, sumresidue);
+		mdfour_result(&ctx_md, (uchar *)sum);
 		break;
 	  case CSUM_NONE:
 		*sum = '\0';
@@ -620,6 +726,78 @@ int sum_end(char *sum)
 	  default: /* paranoia to prevent missing case values */
 		exit_cleanup(RERR_UNSUPPORTED);
 	}
-
-	return csum_len_for_type(cursum_type, 0);
+}
+
+#if defined SUPPORT_XXH3 || defined USE_OPENSSL
+static void verify_digest(struct name_num_item *nni, BOOL check_auth_list)
+{
+#ifdef SUPPORT_XXH3
+	static int xxh3_result = 0;
+#endif
+#ifdef USE_OPENSSL
+	static int prior_num = 0, prior_flags = 0, prior_result = 0;
+#endif
+
+#ifdef SUPPORT_XXH3
+	if (nni->num == CSUM_XXH3_64 || nni->num == CSUM_XXH3_128) {
+		if (!xxh3_result) {
+			char buf[32816];
+			int j;
+			for (j = 0; j < (int)sizeof buf; j++)
+				buf[j] = ' ' + (j % 96);
+			sum_init(nni, 0);
+			sum_update(buf, 32816);
+			sum_update(buf, 31152);
+			sum_update(buf, 32474);
+			sum_update(buf, 9322);
+			xxh3_result = XXH3_64bits_digest(xxh3_state) != 0xadbcf16d4678d1de ? -1 : 1;
+		}
+		if (xxh3_result < 0)
+			nni->num = CSUM_gone;
+		return;
+	}
+#endif
+
+#ifdef USE_OPENSSL
+	if (BITS_SETnUNSET(nni->flags, NNI_EVP, NNI_BUILTIN|NNI_EVP_OK)) {
+		if (nni->num == prior_num && nni->flags == prior_flags) {
+			nni->flags = prior_result;
+			if (!(nni->flags & NNI_EVP))
+				nni->num = CSUM_gone;
+		} else {
+			prior_num = nni->num;
+			prior_flags = nni->flags;
+			if (!csum_evp_md(nni))
+				nni->num = CSUM_gone;
+			prior_result = nni->flags;
+			if (check_auth_list && (nni = get_nni_by_num(&valid_auth_checksums, prior_num)) != NULL)
+				verify_digest(nni, False);
+		}
+	}
+#endif
+}
+#endif
+
+void init_checksum_choices()
+{
+#if defined SUPPORT_XXH3 || defined USE_OPENSSL
+	struct name_num_item *nni;
+#endif
+
+	if (initialized_choices)
+		return;
+
+#if defined USE_OPENSSL && OPENSSL_VERSION_NUMBER < 0x10100000L
+	OpenSSL_add_all_algorithms();
+#endif
+
+#if defined SUPPORT_XXH3 || defined USE_OPENSSL
+	for (nni = valid_checksums.list; nni->name; nni++)
+		verify_digest(nni, True);
+
+	for (nni = valid_auth_checksums.list; nni->name; nni++)
+		verify_digest(nni, False);
+#endif
+
+	initialized_choices = 1;
 }

cleanup.c

@@ -137,7 +137,7 @@ NORETURN void _exit_cleanup(int code, const char *file, int line)
 		if (DEBUG_GTE(EXIT, 2)) {
 			rprintf(FINFO,
 				"[%s] _exit_cleanup(code=%d, file=%s, line=%d): entered\n",
-				who_am_i(), code, file, line);
+				who_am_i(), code, src_file(file), line);
 		}
 
 #include "case_N.h"
@@ -198,7 +198,7 @@ NORETURN void _exit_cleanup(int code, const char *file, int line)
 		switch_step++;
 
 		if (cleanup_fname)
-			do_unlink(cleanup_fname);
+			do_unlink_at(cleanup_fname);
 		if (exit_code)
 			kill_all(SIGUSR1);
 		if (cleanup_pid && cleanup_pid == getpid()) {
@@ -222,10 +222,6 @@ NORETURN void _exit_cleanup(int code, const char *file, int line)
 		 * we don't want to output a duplicate error. */
 		if ((exit_code && line > 0)
 		 || am_daemon || (logfile_name && (am_server || !INFO_GTE(STATS, 1)))) {
-#ifdef HAVE_USLEEP /* A tiny delay just in case both sender & receiver are sending a msg at the same time. */
-			if (am_server && exit_code)
-				usleep(50);
-#endif
 			log_exit(exit_code, exit_file, exit_line);
 		}
 
@@ -273,8 +269,16 @@ NORETURN void _exit_cleanup(int code, const char *file, int line)
 		break;
 	}
 
-	if (called_from_signal_handler)
+	if (called_from_signal_handler) {
+#ifdef GCOV_COVERAGE
+		/* _exit() bypasses the gcov atexit flush; rsync's generator (and
+		 * other processes) normally finish via the signal handler, so
+		 * without this they would write no .gcda. Harmless otherwise. */
+		extern void __gcov_dump(void);
+		__gcov_dump();
+#endif
 		_exit(exit_code);
+	}
 	exit(exit_code);
 }
 

clientname.c

@@ -3,7 +3,7 @@
  *
  * Copyright (C) 1992-2001 Andrew Tridgell <tridge@samba.org>
  * Copyright (C) 2001, 2002 Martin Pool <mbp@samba.org>
- * Copyright (C) 2002-2020 Wayne Davison
+ * Copyright (C) 2002-2022 Wayne Davison
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by
@@ -49,7 +49,7 @@ static char ipaddr_buf[100];
 
 static void client_sockaddr(int fd, struct sockaddr_storage *ss, socklen_t *ss_len);
 static int check_name(const char *ipaddr, const struct sockaddr_storage *ss, char *name_buf, size_t name_buf_size);
-static int valid_ipaddr(const char *s);
+static int valid_ipaddr(const char *s, int allow_scope);
 
 /* Return the IP addr of the client as a string. */
 char *client_addr(int fd)
@@ -73,7 +73,7 @@ char *client_addr(int fd)
 			if ((p = strchr(ipaddr_buf, ' ')) != NULL)
 				*p = '\0';
 		}
-		if (valid_ipaddr(ipaddr_buf))
+		if (valid_ipaddr(ipaddr_buf, True))
 			return ipaddr_buf;
 	}
 
@@ -139,7 +139,7 @@ char *client_name(const char *ipaddr)
 		break;
 #endif
 	default:
-		assert(0);
+		NOISY_DEATH("Unknown ai_family value");
 	}
 	freeaddrinfo(answer);
 
@@ -156,7 +156,7 @@ char *client_name(const char *ipaddr)
 }
 
 
-/* Try to read an proxy protocol header (V1 or V2). Returns 1 on success or 0 on failure. */
+/* Try to read a proxy protocol header (V1 or V2). Returns 1 on success or 0 on failure. */
 int read_proxy_protocol_header(int fd)
 {
 	union {
@@ -167,7 +167,7 @@ int read_proxy_protocol_header(int fd)
 			char sig[PROXY_V2_SIG_SIZE];
 			char ver_cmd;
 			char fam;
-			char len[2];
+			unsigned char len[2];
 			union {
 				struct {
 					char src_addr[4];
@@ -213,12 +213,14 @@ int read_proxy_protocol_header(int fd)
 				if (size != sizeof hdr.v2.addr.ip4)
 					return 0;
 				inet_ntop(AF_INET, hdr.v2.addr.ip4.src_addr, ipaddr_buf, sizeof ipaddr_buf);
-				return valid_ipaddr(ipaddr_buf);
+				return valid_ipaddr(ipaddr_buf, False);
+#ifdef INET6
 			case PROXY_FAM_TCPv6:
 				if (size != sizeof hdr.v2.addr.ip6)
 					return 0;
 				inet_ntop(AF_INET6, hdr.v2.addr.ip6.src_addr, ipaddr_buf, sizeof ipaddr_buf);
-				return valid_ipaddr(ipaddr_buf);
+				return valid_ipaddr(ipaddr_buf, False);
+#endif
 			default:
 				break;
 			}
@@ -274,7 +276,7 @@ int read_proxy_protocol_header(int fd)
 		if ((sp = strchr(p, ' ')) == NULL)
 			return 0;
 		*sp = '\0';
-		if (!valid_ipaddr(p))
+		if (!valid_ipaddr(p, False))
 			return 0;
 		strlcpy(ipaddr_buf, p, sizeof ipaddr_buf); /* It will always fit when valid. */
 
@@ -282,7 +284,7 @@ int read_proxy_protocol_header(int fd)
 		if ((sp = strchr(p, ' ')) == NULL)
 			return 0;
 		*sp = '\0';
-		if (!valid_ipaddr(p))
+		if (!valid_ipaddr(p, False))
 			return 0;
 		/* Ignore destination address. */
 
@@ -464,7 +466,7 @@ static int check_name(const char *ipaddr, const struct sockaddr_storage *ss, cha
 }
 
 /* Returns 1 for a valid IPv4 or IPv6 addr, or 0 for a bad one. */
-static int valid_ipaddr(const char *s)
+static int valid_ipaddr(const char *s, int allow_scope)
 {
 	int i;
 
@@ -482,6 +484,11 @@ static int valid_ipaddr(const char *s)
 		for (count = 0; count < 8; count++) {
 			if (!*s)
 				return saw_double_colon;
+			if (allow_scope && *s == '%') {
+				if (saw_double_colon)
+					break;
+				return 0;
+			}
 
 			if (strchr(s, ':') == NULL && strchr(s, '.') != NULL) {
 				if ((!saw_double_colon && count != 6) || (saw_double_colon && count > 6))
@@ -507,8 +514,11 @@ static int valid_ipaddr(const char *s)
 			}
 		}
 
-		if (!ipv4_at_end)
-			return !*s;
+		if (!ipv4_at_end) {
+			if (allow_scope && *s == '%')
+				for (s++; isAlNum(s); s++) { }
+			return !*s && s[-1] != '%';
+		}
 	}
 
 	/* IPv4 */

clientserver.c

@@ -3,7 +3,7 @@
  *
  * Copyright (C) 1998-2001 Andrew Tridgell <tridge@samba.org>
  * Copyright (C) 2001-2002 Martin Pool <mbp@samba.org>
- * Copyright (C) 2002-2020 Wayne Davison
+ * Copyright (C) 2002-2022 Wayne Davison
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by
@@ -21,6 +21,7 @@
 
 #include "rsync.h"
 #include "itypes.h"
+#include "ifuncs.h"
 
 extern int quiet;
 extern int dry_run;
@@ -29,6 +30,7 @@ extern int list_only;
 extern int am_sender;
 extern int am_server;
 extern int am_daemon;
+extern int am_chrooted;
 extern int am_root;
 extern int msgs2stderr;
 extern int rsync_port;
@@ -36,8 +38,9 @@ extern int protect_args;
 extern int ignore_errors;
 extern int preserve_xattrs;
 extern int kluge_around_eof;
-extern int daemon_over_rsh;
 extern int munge_symlinks;
+extern int use_secure_symlinks;
+extern int open_noatime;
 extern int sanitize_paths;
 extern int numeric_ids;
 extern int filesfrom_fd;
@@ -46,6 +49,7 @@ extern int protocol_version;
 extern int io_timeout;
 extern int no_detach;
 extern int write_batch;
+extern int old_style_args;
 extern int default_af_hint;
 extern int logfile_format_has_i;
 extern int logfile_format_has_o_or_i;
@@ -65,11 +69,13 @@ extern uid_t our_uid;
 extern gid_t our_gid;
 
 char *auth_user;
+char *daemon_auth_choices;
 int read_only = 0;
 int module_id = -1;
 int pid_file_fd = -1;
 int early_input_len = 0;
 char *early_input = NULL;
+pid_t namecvt_pid = 0;
 struct chmod_mode_struct *daemon_chmod_modes;
 
 #define EARLY_INPUT_CMD "#early_input="
@@ -84,6 +90,7 @@ unsigned int module_dirlen = 0;
 char *full_module_path;
 
 static int rl_nulls = 0;
+static int namecvt_fd_req = -1, namecvt_fd_ans = -1;
 
 #ifdef HAVE_SIGACTION
 static struct sigaction sigact;
@@ -145,13 +152,9 @@ int start_socket_client(char *host, int remote_argc, char *remote_argv[],
 static int exchange_protocols(int f_in, int f_out, char *buf, size_t bufsiz, int am_client)
 {
 	int remote_sub = -1;
-#if SUBPROTOCOL_VERSION != 0
-	int our_sub = protocol_version < PROTOCOL_VERSION ? 0 : SUBPROTOCOL_VERSION;
-#else
-	int our_sub = 0;
-#endif
+	int our_sub = get_subprotocol_version();
 
-	io_printf(f_out, "@RSYNCD: %d.%d\n", protocol_version, our_sub);
+	output_daemon_greeting(f_out, am_client);
 	if (!am_client) {
 		char *motd = lp_motd_file();
 		if (motd && *motd) {
@@ -183,16 +186,30 @@ static int exchange_protocols(int f_in, int f_out, char *buf, size_t bufsiz, int
 	}
 
 	if (remote_sub < 0) {
-		if (remote_protocol == 30) {
+		if (remote_protocol >= 30) {
 			if (am_client)
-				rprintf(FERROR, "rsync: server is speaking an incompatible beta of protocol 30\n");
+				rprintf(FERROR, "rsync: the server omitted the subprotocol value: %s\n", buf);
 			else
-				io_printf(f_out, "@ERROR: your client is speaking an incompatible beta of protocol 30\n");
+				io_printf(f_out, "@ERROR: your client omitted the subprotocol value: %s\n", buf);
 			return -1;
 		}
 		remote_sub = 0;
 	}
 
+	daemon_auth_choices = strchr(buf + 9, ' ');
+	if (daemon_auth_choices) {
+		char *cp;
+		daemon_auth_choices = strdup(daemon_auth_choices + 1);
+		if ((cp = strchr(daemon_auth_choices, '\n')) != NULL)
+			*cp = '\0';
+	} else if (remote_protocol > 31) {
+		if (am_client)
+			rprintf(FERROR, "rsync: the server omitted the digest name list: %s\n", buf);
+		else
+			io_printf(f_out, "@ERROR: your client omitted the digest name list: %s\n", buf);
+		return -1;
+	}
+
 	if (protocol_version > remote_protocol) {
 		protocol_version = remote_protocol;
 		if (remote_sub)
@@ -278,10 +295,6 @@ int start_inband_exchange(int f_in, int f_out, const char *user, int argc, char
 		fclose(f);
 	}
 
-	/* set daemon_over_rsh to false since we need to build the
-	 * true set of args passed through the rsh/ssh connection;
-	 * this is a no-op for direct-socket-connection mode */
-	daemon_over_rsh = 0;
 	server_options(sargs, &sargc);
 
 	if (sargc >= MAX_ARGS - 2)
@@ -289,20 +302,45 @@ int start_inband_exchange(int f_in, int f_out, const char *user, int argc, char
 
 	sargs[sargc++] = ".";
 
+	if (!old_style_args)
+		snprintf(line, sizeof line, " %.*s/", modlen, modname);
+
 	while (argc > 0) {
 		if (sargc >= MAX_ARGS - 1) {
 		  arg_overflow:
 			rprintf(FERROR, "internal: args[] overflowed in do_cmd()\n");
 			exit_cleanup(RERR_SYNTAX);
 		}
-		if (strncmp(*argv, modname, modlen) == 0
-		 && argv[0][modlen] == '\0')
+		if (strncmp(*argv, modname, modlen) == 0 && argv[0][modlen] == '\0')
 			sargs[sargc++] = modname; /* we send "modname/" */
-		else if (**argv == '-') {
-			if (asprintf(sargs + sargc++, "./%s", *argv) < 0)
-				out_of_memory("start_inband_exchange");
-		} else
-			sargs[sargc++] = *argv;
+		else {
+			char *arg = *argv;
+			int extra_chars = *arg == '-' ? 2 : 0; /* a leading dash needs a "./" prefix. */
+			/* If --old-args was not specified, make sure that the arg won't split at a mod name! */
+			if (!old_style_args && (p = strstr(arg, line)) != NULL) {
+				do {
+					extra_chars += 2;
+				} while ((p = strstr(p+1, line)) != NULL);
+			}
+			if (extra_chars) {
+				char *f = arg;
+				char *t = arg = new_array(char, strlen(arg) + extra_chars + 1);
+				if (*f == '-') {
+					*t++ = '.';
+					*t++ = '/';
+				}
+				while (*f) {
+					if (*f == ' ' && strncmp(f, line, modlen+2) == 0) {
+						*t++ = '[';
+						*t++ = *f++;
+						*t++ = ']';
+					} else
+						*t++ = *f++;
+				}
+				*t = '\0';
+			}
+			sargs[sargc++] = arg;
+		}
 		argv++;
 		argc--;
 	}
@@ -356,7 +394,7 @@ int start_inband_exchange(int f_in, int f_out, const char *user, int argc, char
 
 	if (rl_nulls) {
 		for (i = 0; i < sargc; i++) {
-			if (!sargs[i]) /* stop at --protect-args NULL */
+			if (!sargs[i]) /* stop at --secluded-args NULL */
 				break;
 			write_sbuf(f_out, sargs[i]);
 			write_byte(f_out, 0);
@@ -381,7 +419,7 @@ int start_inband_exchange(int f_in, int f_out, const char *user, int argc, char
 	return 0;
 }
 
-#ifdef HAVE_PUTENV
+#if defined HAVE_SETENV || defined HAVE_PUTENV
 static int read_arg_from_pipe(int fd, char *buf, int limit)
 {
 	char *bp = buf, *eob = buf + limit - 1;
@@ -404,27 +442,61 @@ static int read_arg_from_pipe(int fd, char *buf, int limit)
 }
 #endif
 
-static void set_env_str(const char *var, const char *str)
+void set_env_str(const char *var, const char *str)
 {
+#ifdef HAVE_SETENV
+	if (setenv(var, str, 1) < 0)
+		out_of_memory("set_env_str");
+#else
 #ifdef HAVE_PUTENV
 	char *mem;
 	if (asprintf(&mem, "%s=%s", var, str) < 0)
 		out_of_memory("set_env_str");
 	putenv(mem);
+#else
+	(void)var;
+	(void)str;
+#endif
 #endif
 }
 
+#if defined HAVE_SETENV || defined HAVE_PUTENV
+
+static void set_envN_str(const char *var, int num, const char *str)
+{
+#ifdef HAVE_SETENV
+	char buf[128];
+	(void)snprintf(buf, sizeof buf, "%s%d", var, num);
+	if (setenv(buf, str, 1) < 0)
+		out_of_memory("set_env_str");
+#else
 #ifdef HAVE_PUTENV
+	char *mem;
+	if (asprintf(&mem, "%s%d=%s", var, num, str) < 0)
+		out_of_memory("set_envN_str");
+	putenv(mem);
+#endif
+#endif
+}
+
 void set_env_num(const char *var, long num)
 {
+#ifdef HAVE_SETENV
+	char val[64];
+	(void)snprintf(val, sizeof val, "%ld", num);
+	if (setenv(var, val, 1) < 0)
+		out_of_memory("set_env_str");
+#else
+#ifdef HAVE_PUTENV
 	char *mem;
 	if (asprintf(&mem, "%s=%ld", var, num) < 0)
 		out_of_memory("set_env_num");
 	putenv(mem);
-}
 #endif
+#endif
+}
 
-/* Used for both early exec & pre-xfer exec */
+/* Used for "early exec", "pre-xfer exec", and the "name converter" script. */
 static pid_t start_pre_exec(const char *cmd, int *arg_fd_ptr, int *error_fd_ptr)
 {
 	int arg_fds[2], error_fds[2], arg_fd;
@@ -452,15 +524,13 @@ static pid_t start_pre_exec(const char *cmd, int *arg_fd_ptr, int *error_fd_ptr)
 		set_env_str("RSYNC_REQUEST", buf);
 
 		for (j = 0; ; j++) {
-			char *p;
 			len = read_arg_from_pipe(arg_fd, buf, BIGPATHBUFLEN);
 			if (len <= 0) {
 				if (!len)
 					break;
 				_exit(1);
 			}
-			if (asprintf(&p, "RSYNC_ARG%d=%s", j, buf) >= 0)
-				putenv(p);
+			set_envN_str("RSYNC_ARG", j, buf);
 		}
 
 		dup2(arg_fd, STDIN_FILENO);
@@ -491,7 +561,9 @@ static pid_t start_pre_exec(const char *cmd, int *arg_fd_ptr, int *error_fd_ptr)
 	return pid;
 }
 
-static void write_pre_exec_args(int write_fd, char *request, char **early_argv, char **argv, int am_early)
+#endif
+
+static void write_pre_exec_args(int write_fd, char *request, char **early_argv, char **argv, int exec_type)
 {
 	int j = 0;
 
@@ -510,10 +582,11 @@ static void write_pre_exec_args(int write_fd, char *request, char **early_argv,
 	}
 	write_byte(write_fd, 0);
 
-	if (am_early && early_input_len)
+	if (exec_type == 1 && early_input_len)
 		write_buf(write_fd, early_input, early_input_len);
 
-	close(write_fd);
+	if (exec_type != 2) /* the name converter needs this left open */
+		close(write_fd);
 }
 
 static char *finish_pre_exec(const char *desc, pid_t pid, int read_fd)
@@ -630,7 +703,7 @@ static int rsync_module(int f_in, int f_out, int i, const char *addr, const char
 	int set_uid;
 	char *p, *err_msg = NULL;
 	char *name = lp_name(i);
-	int use_chroot = lp_use_chroot(i);
+	int use_chroot = lp_use_chroot(i); /* might be 1 (yes), 0 (no), or -1 (unset) */
 	int ret, pre_exec_arg_fd = -1, pre_exec_error_fd = -1;
 	int save_munge_symlinks;
 	pid_t pre_exec_pid = 0;
@@ -695,17 +768,17 @@ static int rsync_module(int f_in, int f_out, int i, const char *addr, const char
 
 	module_id = i;
 
-	if (lp_transfer_logging(i) && !logfile_format)
-		logfile_format = lp_log_format(i);
+	if (lp_transfer_logging(module_id) && !logfile_format)
+		logfile_format = lp_log_format(module_id);
 	if (log_format_has(logfile_format, 'i'))
 		logfile_format_has_i = 1;
 	if (logfile_format_has_i || log_format_has(logfile_format, 'o'))
 		logfile_format_has_o_or_i = 1;
 
 	uid = MY_UID();
-	am_root = (uid == 0);
+	am_root = (uid == ROOT_UID);
 
-	p = *lp_uid(i) ? lp_uid(i) : am_root ? NOBODY_USER : NULL;
+	p = *lp_uid(module_id) ? lp_uid(module_id) : am_root ? NOBODY_USER : NULL;
 	if (p) {
 		if (!user_to_uid(p, &uid, True)) {
 			rprintf(FLOG, "Invalid uid %s\n", p);
@@ -716,7 +789,7 @@ static int rsync_module(int f_in, int f_out, int i, const char *addr, const char
 	} else
 		set_uid = 0;
 
-	p = *lp_gid(i) ? conf_strtok(lp_gid(i)) : NULL;
+	p = *lp_gid(module_id) ? conf_strtok(lp_gid(module_id)) : NULL;
 	if (p) {
 		/* The "*" gid must be the first item in the list. */
 		if (strcmp(p, "*") == 0) {
@@ -749,12 +822,26 @@ static int rsync_module(int f_in, int f_out, int i, const char *addr, const char
 			return -1;
 	}
 
-	module_dir = lp_path(i);
+	module_dir = lp_path(module_id);
 	if (*module_dir == '\0') {
 		rprintf(FLOG, "No path specified for module %s\n", name);
 		io_printf(f_out, "@ERROR: no path setting.\n");
 		return -1;
 	}
+	if (use_chroot < 0) {
+		if (strstr(module_dir, "/./") != NULL)
+			use_chroot = 1; /* The module is expecting a chroot inner & outer path. */
+		else if (chroot("/") < 0) {
+			rprintf(FLOG, "chroot test failed: %s. "
+				      "Switching 'use chroot' from unset to false.\n",
+				      strerror(errno));
+			use_chroot = 0;
+		} else {
+			if (chdir("/") < 0)
+			    rsyserr(FLOG, errno, "chdir(\"/\") failed");
+			use_chroot = 1;
+		}
+	}
 	if (use_chroot) {
 		if ((p = strstr(module_dir, "/./")) != NULL) {
 			*p = '\0'; /* Temporary... */
@@ -786,38 +873,39 @@ static int rsync_module(int f_in, int f_out, int i, const char *addr, const char
 	} else
 		set_filter_dir(module_dir, module_dirlen);
 
-	p = lp_filter(i);
+	p = lp_filter(module_id);
 	parse_filter_str(&daemon_filter_list, p, rule_template(FILTRULE_WORD_SPLIT),
 		XFLG_ABS_IF_SLASH | XFLG_DIR2WILD3);
 
-	p = lp_include_from(i);
+	p = lp_include_from(module_id);
 	parse_filter_file(&daemon_filter_list, p, rule_template(FILTRULE_INCLUDE),
 		XFLG_ABS_IF_SLASH | XFLG_DIR2WILD3 | XFLG_OLD_PREFIXES | XFLG_FATAL_ERRORS);
 
-	p = lp_include(i);
+	p = lp_include(module_id);
 	parse_filter_str(&daemon_filter_list, p,
 		rule_template(FILTRULE_INCLUDE | FILTRULE_WORD_SPLIT),
 		XFLG_ABS_IF_SLASH | XFLG_DIR2WILD3 | XFLG_OLD_PREFIXES);
 
-	p = lp_exclude_from(i);
+	p = lp_exclude_from(module_id);
 	parse_filter_file(&daemon_filter_list, p, rule_template(0),
 		XFLG_ABS_IF_SLASH | XFLG_DIR2WILD3 | XFLG_OLD_PREFIXES | XFLG_FATAL_ERRORS);
 
-	p = lp_exclude(i);
+	p = lp_exclude(module_id);
 	parse_filter_str(&daemon_filter_list, p, rule_template(FILTRULE_WORD_SPLIT),
 		XFLG_ABS_IF_SLASH | XFLG_DIR2WILD3 | XFLG_OLD_PREFIXES);
 
 	log_init(1);
 
-#ifdef HAVE_PUTENV
-	if ((*lp_early_exec(i) || *lp_prexfer_exec(i) || *lp_postxfer_exec(i))
+#if defined HAVE_SETENV || defined HAVE_PUTENV
+	if ((*lp_early_exec(module_id) || *lp_prexfer_exec(module_id)
+	  || *lp_postxfer_exec(module_id) || *lp_name_converter(module_id))
 	 && !getenv("RSYNC_NO_XFER_EXEC")) {
 		set_env_num("RSYNC_PID", (long)getpid());
 
 		/* For post-xfer exec, fork a new process to run the rsync
 		 * daemon while this process waits for the exit status and
 		 * runs the indicated command at that point. */
-		if (*lp_postxfer_exec(i)) {
+		if (*lp_postxfer_exec(module_id)) {
 			pid_t pid = fork();
 			if (pid < 0) {
 				rsyserr(FLOG, errno, "fork failed");
@@ -837,7 +925,7 @@ static int rsync_module(int f_in, int f_out, int i, const char *addr, const char
 				else
 					status = -1;
 				set_env_num("RSYNC_EXIT_STATUS", status);
-				if (shell_exec(lp_postxfer_exec(i)) < 0)
+				if (shell_exec(lp_postxfer_exec(module_id)) < 0)
 					status = -1;
 				_exit(status);
 			}
@@ -845,9 +933,9 @@ static int rsync_module(int f_in, int f_out, int i, const char *addr, const char
 
 		/* For early exec, fork a child process to run the indicated
 		 * command and wait for it to exit. */
-		if (*lp_early_exec(i)) {
+		if (*lp_early_exec(module_id)) {
 			int arg_fd;
-			pid_t pid = start_pre_exec(lp_early_exec(i), &arg_fd, NULL);
+			pid_t pid = start_pre_exec(lp_early_exec(module_id), &arg_fd, NULL);
 			if (pid == (pid_t)-1) {
 				rsyserr(FLOG, errno, "early exec preparation failed");
 				io_printf(f_out, "@ERROR: early exec preparation failed\n");
@@ -864,14 +952,23 @@ static int rsync_module(int f_in, int f_out, int i, const char *addr, const char
 		/* For pre-xfer exec, fork a child process to run the indicated
 		 * command, though it first waits for the parent process to
 		 * send us the user's request via a pipe. */
-		if (*lp_prexfer_exec(i)) {
-			pre_exec_pid = start_pre_exec(lp_prexfer_exec(i), &pre_exec_arg_fd, &pre_exec_error_fd);
+		if (*lp_prexfer_exec(module_id)) {
+			pre_exec_pid = start_pre_exec(lp_prexfer_exec(module_id), &pre_exec_arg_fd, &pre_exec_error_fd);
 			if (pre_exec_pid == (pid_t)-1) {
 				rsyserr(FLOG, errno, "pre-xfer exec preparation failed");
 				io_printf(f_out, "@ERROR: pre-xfer exec preparation failed\n");
 				return -1;
 			}
 		}
+
+		if (*lp_name_converter(module_id)) {
+			namecvt_pid = start_pre_exec(lp_name_converter(module_id), &namecvt_fd_req, &namecvt_fd_ans);
+			if (namecvt_pid == (pid_t)-1) {
+				rsyserr(FLOG, errno, "name-converter exec preparation failed");
+				io_printf(f_out, "@ERROR: name-converter exec preparation failed\n");
+				return -1;
+			}
+		}
 	}
 #endif
 
@@ -881,32 +978,23 @@ static int rsync_module(int f_in, int f_out, int i, const char *addr, const char
 	}
 
 	if (use_chroot) {
-		/*
-		 * XXX: The 'use chroot' flag is a fairly reliable
-		 * source of confusion, because it fails under two
-		 * important circumstances: running as non-root,
-		 * running on Win32 (or possibly others).  On the
-		 * other hand, if you are running as root, then it
-		 * might be better to always use chroot.
-		 *
-		 * So, perhaps if we can't chroot we should just issue
-		 * a warning, unless a "require chroot" flag is set,
-		 * in which case we fail.
-		 */
+		/* Cache timezone data before chroot makes /etc/localtime inaccessible */
+		tzset();
 		if (chroot(module_chdir)) {
-			rsyserr(FLOG, errno, "chroot %s failed", module_chdir);
+			rsyserr(FLOG, errno, "chroot(\"%s\") failed", module_chdir);
 			io_printf(f_out, "@ERROR: chroot failed\n");
 			return -1;
 		}
+		am_chrooted = 1;
 		module_chdir = module_dir;
 	}
 
 	if (!change_dir(module_chdir, CD_NORMAL))
 		return path_failure(f_out, module_chdir, True);
-	if (module_dirlen || (!use_chroot && !*lp_daemon_chroot()))
+	if (module_dirlen)
 		sanitize_paths = 1;
 
-	if ((munge_symlinks = lp_munge_symlinks(i)) < 0)
+	if ((munge_symlinks = lp_munge_symlinks(module_id)) < 0)
 		munge_symlinks = !use_chroot || module_dirlen;
 	if (munge_symlinks) {
 		STRUCT_STAT st;
@@ -920,6 +1008,15 @@ static int rsync_module(int f_in, int f_out, int i, const char *addr, const char
 		}
 	}
 
+	/* Enable secure symlink handling for any non-chrooted daemon module.
+	 * This prevents TOCTOU race attacks where an attacker could switch a
+	 * directory to a symlink between path validation and file open.
+	 * Match the gate used by the do_*_at() wrappers in syscall.c
+	 * (am_daemon && !am_chrooted) -- the protection has nothing to do
+	 * with symlink munging, so a module configured with
+	 * "munge symlinks = false" must still get the secure-open path. */
+	use_secure_symlinks = am_daemon && !am_chrooted;
+
 	if (gid_list.count) {
 		gid_t *gid_array = gid_list.items;
 		if (setgid(gid_array[0])) {
@@ -958,11 +1055,11 @@ static int rsync_module(int f_in, int f_out, int i, const char *addr, const char
 		}
 
 		our_uid = MY_UID();
-		am_root = (our_uid == 0);
+		am_root = (our_uid == ROOT_UID);
 	}
 
-	if (lp_temp_dir(i) && *lp_temp_dir(i)) {
-		tmpdir = lp_temp_dir(i);
+	if (lp_temp_dir(module_id) && *lp_temp_dir(module_id)) {
+		tmpdir = lp_temp_dir(module_id);
 		if (strlen(tmpdir) >= MAXPATHLEN - 10) {
 			rprintf(FLOG,
 				"the 'temp dir' value for %s is WAY too long -- ignoring.\n",
@@ -973,7 +1070,7 @@ static int rsync_module(int f_in, int f_out, int i, const char *addr, const char
 
 	io_printf(f_out, "@RSYNCD: OK\n");
 
-	read_args(f_in, name, line, sizeof line, rl_nulls, &argv, &argc, &request);
+	read_args(f_in, name, line, sizeof line, rl_nulls, 1, &argv, &argc, &request);
 	orig_argv = argv;
 
 	save_munge_symlinks = munge_symlinks;
@@ -983,13 +1080,18 @@ static int rsync_module(int f_in, int f_out, int i, const char *addr, const char
 	if (protect_args && ret) {
 		orig_early_argv = orig_argv;
 		protect_args = 2;
-		read_args(f_in, name, line, sizeof line, 1, &argv, &argc, &request);
+		read_args(f_in, name, line, sizeof line, 1, 0, &argv, &argc, &request);
 		orig_argv = argv;
 		ret = parse_arguments(&argc, (const char ***) &argv);
 	} else
 		orig_early_argv = NULL;
 
+	/* The default is to use the user's setting unless the module sets True or False. */
+	if (lp_open_noatime(module_id) >= 0)
+		open_noatime = lp_open_noatime(module_id);
+
 	munge_symlinks = save_munge_symlinks; /* The client mustn't control this. */
+
 	if (am_daemon > 0)
 		msgs2stderr = 0; /* A non-rsh-run daemon doesn't have stderr for msgs. */
 
@@ -998,6 +1100,9 @@ static int rsync_module(int f_in, int f_out, int i, const char *addr, const char
 		err_msg = finish_pre_exec("pre-xfer exec", pre_exec_pid, pre_exec_error_fd);
 	}
 
+	if (namecvt_pid)
+		write_pre_exec_args(namecvt_fd_req, request, orig_early_argv, orig_argv, 2);
+
 	if (orig_early_argv)
 		free(orig_early_argv);
 
@@ -1008,7 +1113,7 @@ static int rsync_module(int f_in, int f_out, int i, const char *addr, const char
 	if (write_batch < 0)
 		dry_run = 1;
 
-	if (lp_fake_super(i)) {
+	if (lp_fake_super(module_id)) {
 		if (preserve_xattrs > 1)
 			preserve_xattrs = 1;
 		am_root = -1;
@@ -1033,7 +1138,7 @@ static int rsync_module(int f_in, int f_out, int i, const char *addr, const char
 
 #ifndef DEBUG
 	/* don't allow the logs to be flooded too fast */
-	limit_output_verbosity(lp_max_verbosity(i));
+	limit_output_verbosity(lp_max_verbosity(module_id));
 #endif
 
 	if (protocol_version < 23 && (protocol_version == 22 || am_sender))
@@ -1094,20 +1199,21 @@ static int rsync_module(int f_in, int f_out, int i, const char *addr, const char
 #endif
 
 	if (!numeric_ids
-	 && (use_chroot ? lp_numeric_ids(i) != False : lp_numeric_ids(i) == True))
+	 && (use_chroot ? lp_numeric_ids(module_id) != False && !*lp_name_converter(module_id)
+		        : lp_numeric_ids(module_id) == True))
 		numeric_ids = -1; /* Set --numeric-ids w/o breaking protocol. */
 
-	if (lp_timeout(i) && (!io_timeout || lp_timeout(i) < io_timeout))
-		set_io_timeout(lp_timeout(i));
+	if (lp_timeout(module_id) && (!io_timeout || lp_timeout(module_id) < io_timeout))
+		set_io_timeout(lp_timeout(module_id));
 
 	/* If we have some incoming/outgoing chmod changes, append them to
 	 * any user-specified changes (making our changes have priority).
 	 * We also get a pointer to just our changes so that a receiver
 	 * process can use them separately if --perms wasn't specified. */
 	if (am_sender)
-		p = lp_outgoing_chmod(i);
+		p = lp_outgoing_chmod(module_id);
 	else
-		p = lp_incoming_chmod(i);
+		p = lp_incoming_chmod(module_id);
 	if (*p && !(daemon_chmod_modes = parse_chmod(p, &chmod_modes))) {
 		rprintf(FLOG, "Invalid \"%sing chmod\" directive: %s\n",
 			am_sender ? "outgo" : "incom", p);
@@ -1118,6 +1224,38 @@ static int rsync_module(int f_in, int f_out, int i, const char *addr, const char
 	return 0;
 }
 
+BOOL namecvt_call(const char *cmd, const char **name_p, id_t *id_p)
+{
+	char buf[1024];
+	int got, len;
+
+	if (*name_p)
+		len = snprintf(buf, sizeof buf, "%s %s\n", cmd, *name_p);
+	else
+		len = snprintf(buf, sizeof buf, "%s %ld\n", cmd, (long)*id_p);
+	if (len >= (int)sizeof buf) {
+		rprintf(FERROR, "namecvt_call() request was too large.\n");
+		exit_cleanup(RERR_UNSUPPORTED);
+	}
+
+	while ((got = write(namecvt_fd_req, buf, len)) != len) {
+		if (got < 0 && errno == EINTR)
+			continue;
+		rprintf(FERROR, "Connection to name-converter failed.\n");
+		exit_cleanup(RERR_SOCKETIO);
+	}
+
+	if (!read_line_old(namecvt_fd_ans, buf, sizeof buf, 0))
+		return False;
+
+	if (*name_p)
+		*id_p = (id_t)atol(buf);
+	else
+		*name_p = strdup(buf);
+
+	return True;
+}
+
 /* send a list of available modules to the client. Don't list those
    with "list = False". */
 static void send_listing(int fd)
@@ -1174,11 +1312,51 @@ int start_daemon(int f_in, int f_out)
 	if (lp_proxy_protocol() && !read_proxy_protocol_header(f_in))
 		return -1;
 
+	/* Do reverse DNS lookup before chroot/setuid. The result is cached,
+	 * so the later client_name() call will use this cached value. This
+	 * ensures hostname-based ACLs work even when DNS is unavailable
+	 * after chroot.
+	 *
+	 * "reverse lookup" can be set globally OR per-module, so we also
+	 * scan each module: a deployment with "reverse lookup = no" in the
+	 * global section but "reverse lookup = yes" in a specific module
+	 * still triggers a post-chroot lookup at access-check time
+	 * (rsync_module() in this file), which would also fail in the
+	 * chroot and turn hostname-based deny rules into silent bypasses. */
+	{
+		int need_reverse = lp_reverse_lookup(-1);
+		int j, num_modules = lp_num_modules();
+		for (j = 0; !need_reverse && j < num_modules; j++) {
+			if (lp_reverse_lookup(j))
+				need_reverse = 1;
+		}
+		if (need_reverse)
+			(void)client_name(client_addr(f_in));
+	}
+
 	p = lp_daemon_chroot();
 	if (*p) {
 		log_init(0); /* Make use we've initialized syslog before chrooting. */
-		if (chroot(p) < 0 || chdir("/") < 0) {
-			rsyserr(FLOG, errno, "daemon chroot %s failed", p);
+		tzset();
+		if (chroot(p) < 0) {
+			rsyserr(FLOG, errno, "daemon chroot(\"%s\") failed", p);
+			return -1;
+		}
+		/* Deliberately do NOT set am_chrooted here.  am_chrooted
+		 * gates the per-module symlink-race defenses
+		 * (secure_relative_open() and the do_*_at() wrappers in
+		 * syscall.c) and means "the kernel is enforcing path
+		 * confinement at the module boundary".  The daemon chroot
+		 * confines path resolution to the daemon-chroot directory,
+		 * not to any individual module path -- modules sharing the
+		 * daemon chroot are still distinguishable filesystem
+		 * subtrees and a sender-controlled symlink in module A
+		 * could redirect a syscall to module B (or to other files
+		 * inside the daemon chroot) without the per-module
+		 * defenses.  Leave am_chrooted=0 here so secure_relative_open()
+		 * still fires for "use chroot = no" modules. */
+		if (chdir("/") < 0) {
+			rsyserr(FLOG, errno, "daemon chdir(\"/\") failed");
 			return -1;
 		}
 	}
@@ -1207,7 +1385,7 @@ int start_daemon(int f_in, int f_out)
 			return -1;
 		}
 		our_uid = MY_UID();
-		am_root = (our_uid == 0);
+		am_root = (our_uid == ROOT_UID);
 	}
 
 	addr = client_addr(f_in);
@@ -1400,7 +1578,7 @@ int daemon_main(void)
 	log_init(0);
 
 	rprintf(FLOG, "rsyncd version %s starting, listening on port %d\n",
-		RSYNC_VERSION, rsync_port);
+		rsync_version(), rsync_port);
 	/* TODO: If listening on a particular address, then show that
 	 * address too.  In fact, why not just do getnameinfo on the
 	 * local address??? */

compat.c

@@ -3,7 +3,7 @@
  *
  * Copyright (C) Andrew Tridgell 1996
  * Copyright (C) Paul Mackerras 1996
- * Copyright (C) 2004-2020 Wayne Davison
+ * Copyright (C) 2004-2022 Wayne Davison
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by
@@ -21,6 +21,7 @@
 
 #include "rsync.h"
 #include "itypes.h"
+#include "ifuncs.h"
 
 extern int am_server;
 extern int am_sender;
@@ -43,6 +44,7 @@ extern int protect_args;
 extern int preserve_uid;
 extern int preserve_gid;
 extern int preserve_atimes;
+extern int preserve_crtimes;
 extern int preserve_acls;
 extern int preserve_xattrs;
 extern int xfer_flags_as_varint;
@@ -50,19 +52,25 @@ extern int need_messages_from_generator;
 extern int delete_mode, delete_before, delete_during, delete_after;
 extern int do_compression;
 extern int do_compression_level;
+extern int do_compression_threads;
+extern int saw_stderr_opt;
+extern int msgs2stderr;
 extern char *shell_cmd;
 extern char *partial_dir;
 extern char *files_from;
 extern char *filesfrom_host;
 extern const char *checksum_choice;
 extern const char *compress_choice;
+extern char *daemon_auth_choices;
 extern filter_rule_list filter_list;
 extern int need_unsorted_flist;
 #ifdef ICONV_OPTION
 extern iconv_t ic_send, ic_recv;
 extern char *iconv_opt;
 #endif
-extern struct name_num_obj valid_checksums;
+extern struct name_num_obj valid_checksums, valid_auth_checksums;
+
+extern struct name_num_item *xfer_sum_nni;
 
 int remote_protocol = 0;
 int file_extra_cnt = 0; /* count of file-list extras that everyone gets */
@@ -73,9 +81,13 @@ int want_xattr_optim = 0;
 int proper_seed_order = 0;
 int inplace_partial = 0;
 int do_negotiated_strings = 0;
+int xmit_id0_names = 0;
+
+struct name_num_item *xattr_sum_nni;
+int xattr_sum_len = 0;
 
 /* These index values are for the file-list's extra-attribute array. */
-int pathname_ndx, depth_ndx, atimes_ndx, uid_ndx, gid_ndx, acls_ndx, xattrs_ndx, unsort_ndx;
+int pathname_ndx, depth_ndx, atimes_ndx, crtimes_ndx, uid_ndx, gid_ndx, acls_ndx, xattrs_ndx, unsort_ndx;
 
 int receiver_symlink_times = 0; /* receiver can set the time on a symlink */
 int sender_symlink_iconv = 0;	/* sender should convert symlink content */
@@ -86,19 +98,21 @@ int filesfrom_convert = 0;
 
 #define MAX_NSTR_STRLEN 256
 
-struct name_num_obj valid_compressions = {
-	"compress", NULL, NULL, 0, 0, {
+struct name_num_item valid_compressions_items[] = {
 #ifdef SUPPORT_ZSTD
-		{ CPRES_ZSTD, "zstd", NULL },
+	{ CPRES_ZSTD, 0, "zstd", NULL },
 #endif
 #ifdef SUPPORT_LZ4
-		{ CPRES_LZ4, "lz4", NULL },
+	{ CPRES_LZ4, 0, "lz4", NULL },
 #endif
-		{ CPRES_ZLIBX, "zlibx", NULL },
-		{ CPRES_ZLIB, "zlib", NULL },
-		{ CPRES_NONE, "none", NULL },
-		{ 0, NULL, NULL }
-	}
+	{ CPRES_ZLIBX, 0, "zlibx", NULL },
+	{ CPRES_ZLIB, 0, "zlib", NULL },
+	{ CPRES_NONE, 0, "none", NULL },
+	{ 0, 0, NULL, NULL }
+};
+
+struct name_num_obj valid_compressions = {
+	"compress", NULL, 0, 0, valid_compressions_items
 };
 
 #define CF_INC_RECURSE	 (1<<0)
@@ -109,6 +123,7 @@ struct name_num_obj valid_compressions = {
 #define CF_CHKSUM_SEED_FIX (1<<5)
 #define CF_INPLACE_PARTIAL_DIR (1<<6)
 #define CF_VARINT_FLIST_FLAGS (1<<7)
+#define CF_ID0_NAMES (1<<8)
 
 static const char *client_info;
 
@@ -117,13 +132,9 @@ static const char *client_info;
  * of that protocol for it to be advertised as available. */
 static void check_sub_protocol(void)
 {
-	char *dot;
+	const char *dot;
 	int their_protocol, their_sub;
-#if SUBPROTOCOL_VERSION != 0
-	int our_sub = protocol_version < PROTOCOL_VERSION ? 0 : SUBPROTOCOL_VERSION;
-#else
-	int our_sub = 0;
-#endif
+	int our_sub = get_subprotocol_version();
 
 	/* client_info starts with VER.SUB string if client is a pre-release. */
 	if (!(their_protocol = atoi(client_info))
@@ -150,7 +161,13 @@ static void check_sub_protocol(void)
 
 void set_allow_inc_recurse(void)
 {
-	client_info = shell_cmd ? shell_cmd : "";
+	if (!local_server)
+		client_info = shell_cmd ? shell_cmd : "";
+	else if (am_server) {
+		char buf[64];
+		maybe_add_e_option(buf, sizeof buf);
+		client_info = *buf ? strdup(buf+1) : ""; /* The +1 skips the leading "e". */
+	}
 
 	if (!recurse || use_qsort)
 		allow_inc_recurse = 0;
@@ -158,15 +175,14 @@ void set_allow_inc_recurse(void)
 	 && (delete_before || delete_after
 	  || delay_updates || prune_empty_dirs))
 		allow_inc_recurse = 0;
-	else if (am_server && !local_server
-	 && (strchr(client_info, 'i') == NULL))
+	else if (am_server && strchr(client_info, 'i') == NULL)
 		allow_inc_recurse = 0;
 }
 
 void parse_compress_choice(int final_call)
 {
-	if (valid_compressions.negotiated_name)
-		do_compression = valid_compressions.negotiated_num;
+	if (valid_compressions.negotiated_nni)
+		do_compression = valid_compressions.negotiated_nni->num;
 	else if (compress_choice) {
 		struct name_num_item *nni = get_nni_by_name(&valid_compressions, compress_choice, -1);
 		if (!nni) {
@@ -188,8 +204,8 @@ void parse_compress_choice(int final_call)
 		compress_choice = NULL;
 
 	/* Snag the compression name for both write_batch's option output & the following debug output. */
-	if (valid_compressions.negotiated_name)
-		compress_choice = valid_compressions.negotiated_name;
+	if (valid_compressions.negotiated_nni)
+		compress_choice = valid_compressions.negotiated_nni->name;
 	else if (compress_choice == NULL) {
 		struct name_num_item *nni = get_nni_by_num(&valid_compressions, do_compression);
 		compress_choice = nni ? nni->name : "UNKNOWN";
@@ -199,7 +215,7 @@ void parse_compress_choice(int final_call)
 	 && (do_compression != CPRES_NONE || do_compression_level != CLVL_NOT_SPECIFIED)) {
 		rprintf(FINFO, "%s%s compress: %s (level %d)\n",
 			am_server ? "Server" : "Client",
-			valid_compressions.negotiated_name ? " negotiated" : "",
+			valid_compressions.negotiated_nni ? " negotiated" : "",
 			compress_choice, do_compression_level);
 	}
 }
@@ -212,6 +228,8 @@ struct name_num_item *get_nni_by_name(struct name_num_obj *nno, const char *name
 		len = strlen(name);
 
 	for (nni = nno->list; nni->name; nni++) {
+		if (nni->num == CSUM_gone)
+			continue;
 		if (strncasecmp(name, nni->name, len) == 0 && nni->name[len] == '\0')
 			return nni;
 	}
@@ -246,10 +264,12 @@ static void init_nno_saw(struct name_num_obj *nno, int val)
 	if (!nno->saw) {
 		nno->saw = new_array0(uchar, nno->saw_len);
 
-		/* We'll take this opportunity to make sure that the main_name values are set right. */
+		/* We'll take this opportunity to set the main_nni values for duplicates. */
 		for (cnt = 1, nni = nno->list; nni->name; nni++, cnt++) {
+			if (nni->num == CSUM_gone)
+				continue;
 			if (nno->saw[nni->num])
-				nni->main_name = nno->list[nno->saw[nni->num]-1].name;
+				nni->main_nni = &nno->list[nno->saw[nni->num]-1];
 			else
 				nno->saw[nni->num] = cnt;
 		}
@@ -275,8 +295,8 @@ static int parse_nni_str(struct name_num_obj *nno, const char *from, char *tobuf
 				struct name_num_item *nni = get_nni_by_name(nno, tok, to - tok);
 				if (nni && !nno->saw[nni->num]) {
 					nno->saw[nni->num] = ++cnt;
-					if (nni->main_name) {
-						to = tok + strlcpy(tok, nni->main_name, tobuf_len - (tok - tobuf));
+					if (nni->main_nni) {
+						to = tok + strlcpy(tok, nni->main_nni->name, tobuf_len - (tok - tobuf));
 						if (to - tobuf >= tobuf_len) {
 							to = tok - 1;
 							break;
@@ -310,13 +330,44 @@ static int parse_nni_str(struct name_num_obj *nno, const char *from, char *tobuf
 	return to - tobuf;
 }
 
+static int parse_negotiate_str(struct name_num_obj *nno, char *tmpbuf)
+{
+	struct name_num_item *nni, *ret = NULL;
+	int best = nno->saw_len; /* We want best == 1 from the client list, so start with a big number. */
+	char *space, *tok = tmpbuf;
+	while (tok) {
+		while (*tok == ' ') tok++; /* Should be unneeded... */
+		if (!*tok)
+			break;
+		if ((space = strchr(tok, ' ')) != NULL)
+			*space = '\0';
+		nni = get_nni_by_name(nno, tok, -1);
+		if (space) {
+			*space = ' ';
+			tok = space + 1;
+		} else
+			tok = NULL;
+		if (!nni || !nno->saw[nni->num] || best <= nno->saw[nni->num])
+			continue;
+		ret = nni;
+		best = nno->saw[nni->num];
+		if (best == 1 || am_server) /* The server side stops at the first acceptable client choice */
+			break;
+	}
+	if (ret) {
+		free(nno->saw);
+		nno->saw = NULL;
+		nno->negotiated_nni = ret->main_nni ? ret->main_nni : ret;
+		return 1;
+	}
+	return 0;
+}
+
 /* This routine is always called with a tmpbuf of MAX_NSTR_STRLEN length, but the
  * buffer may be pre-populated with a "len" length string to use OR a len of -1
  * to tell us to read a string from the fd. */
 static void recv_negotiate_str(int f_in, struct name_num_obj *nno, char *tmpbuf, int len)
 {
-	struct name_num_item *ret = NULL;
-
 	if (len < 0)
 		len = read_vstring(f_in, tmpbuf, MAX_NSTR_STRLEN);
 
@@ -327,37 +378,8 @@ static void recv_negotiate_str(int f_in, struct name_num_obj *nno, char *tmpbuf,
 			rprintf(FINFO, "Server %s list (on client): %s\n", nno->type, tmpbuf);
 	}
 
-	if (len > 0) {
-		struct name_num_item *nni;
-		int best = nno->saw_len; /* We want best == 1 from the client list, so start with a big number. */
-		char *space, *tok = tmpbuf;
-		while (tok) {
-			while (*tok == ' ') tok++; /* Should be unneeded... */
-			if (!*tok)
-				break;
-			if ((space = strchr(tok, ' ')) != NULL)
-				*space = '\0';
-			nni = get_nni_by_name(nno, tok, -1);
-			if (space) {
-				*space = ' ';
-				tok = space + 1;
-			} else
-				tok = NULL;
-			if (!nni || !nno->saw[nni->num] || best <= nno->saw[nni->num])
-				continue;
-			ret = nni;
-			best = nno->saw[nni->num];
-			if (best == 1 || am_server) /* The server side stops at the first acceptable client choice */
-				break;
-		}
-		if (ret) {
-			free(nno->saw);
-			nno->saw = NULL;
-			nno->negotiated_name = ret->main_name ? ret->main_name : ret->name;
-			nno->negotiated_num = ret->num;
-			return;
-		}
-	}
+	if (len > 0 && parse_negotiate_str(nno, tmpbuf))
+		return;
 
 	if (!am_server || !do_negotiated_strings) {
 		char *cp = tmpbuf;
@@ -389,11 +411,11 @@ static const char *getenv_nstr(int ntype)
 	const char *env_str = getenv(ntype == NSTR_COMPRESS ? "RSYNC_COMPRESS_LIST" : "RSYNC_CHECKSUM_LIST");
 
 	/* When writing a batch file, we always negotiate an old-style choice. */
-	if (write_batch) 
+	if (write_batch)
 		env_str = ntype == NSTR_COMPRESS ? "zlib" : protocol_version >= 30 ? "md5" : "md4";
 
 	if (am_server && env_str) {
-		char *cp = strchr(env_str, '&');
+		const char *cp = strchr(env_str, '&');
 		if (cp)
 			env_str = cp + 1;
 	}
@@ -422,7 +444,7 @@ void validate_choice_vs_env(int ntype, int num1, int num2)
 		nno->saw[CSUM_MD4_ARCHAIC] = nno->saw[CSUM_MD4_BUSTED] = nno->saw[CSUM_MD4_OLD] = nno->saw[CSUM_MD4];
 
 	if (!nno->saw[num1] || (num2 >= 0 && !nno->saw[num2])) {
-		rprintf(FERROR, "Your --%s-choice value (%s) was refused by the server.\n", 
+		rprintf(FERROR, "Your --%s-choice value (%s) was refused by the server.\n",
 			ntype == NSTR_COMPRESS ? "compress" : "checksum",
 			ntype == NSTR_COMPRESS ? compress_choice : checksum_choice);
 		exit_cleanup(RERR_UNSUPPORTED);
@@ -453,8 +475,10 @@ int get_default_nno_list(struct name_num_obj *nno, char *to_buf, int to_buf_len,
 	init_nno_saw(nno, 0);
 
 	for (nni = nno->list, len = 0; nni->name; nni++) {
-		if (nni->main_name) {
-			if (!dup_markup)
+		if (nni->num == CSUM_gone)
+			continue;
+		if (nni->main_nni) {
+			if (!dup_markup || nni->main_nni->num == CSUM_gone)
 				continue;
 			delim = dup_markup;
 		}
@@ -512,6 +536,8 @@ static void negotiate_the_strings(int f_in, int f_out)
 {
 	/* We send all the negotiation strings before we start to read them to help avoid a slow startup. */
 
+	init_checksum_choices();
+
 	if (!checksum_choice)
 		send_negotiate_str(f_out, &valid_checksums, NSTR_CHECKSUM);
 
@@ -541,7 +567,7 @@ static void negotiate_the_strings(int f_in, int f_out)
 	/* If the other side is too old to negotiate, the above steps just made sure that
 	 * the env didn't disallow the old algorithm. Mark things as non-negotiated. */
 	if (!do_negotiated_strings)
-		valid_checksums.negotiated_name = valid_compressions.negotiated_name = NULL;
+		valid_checksums.negotiated_nni = valid_compressions.negotiated_nni = NULL;
 }
 
 void setup_protocol(int f_out,int f_in)
@@ -553,7 +579,9 @@ void setup_protocol(int f_out,int f_in)
 	 * aligned for direct int64-pointer memory access. */
 	if (preserve_atimes)
 		atimes_ndx = (file_extra_cnt += EXTRA64_CNT);
-	if (am_sender) /* This is most likely in the in64 union as well. */
+	if (preserve_crtimes)
+		crtimes_ndx = (file_extra_cnt += EXTRA64_CNT);
+	if (am_sender) /* This is most likely in the file_extras64 union as well. */
 		pathname_ndx = (file_extra_cnt += PTR_EXTRA_CNT);
 	else
 		depth_ndx = ++file_extra_cnt;
@@ -591,7 +619,7 @@ void setup_protocol(int f_out,int f_in)
 	if (remote_protocol < MIN_PROTOCOL_VERSION
 	 || remote_protocol > MAX_PROTOCOL_VERSION) {
 		rprintf(FERROR,"protocol version mismatch -- is your shell clean?\n");
-		rprintf(FERROR,"(see the rsync man page for an explanation)\n");
+		rprintf(FERROR,"(see the rsync manpage for an explanation)\n");
 		exit_cleanup(RERR_PROTOCOL);
 	}
 	if (remote_protocol < OLD_PROTOCOL_VERSION) {
@@ -611,6 +639,9 @@ void setup_protocol(int f_out,int f_in)
 	if (read_batch)
 		check_batch_flags();
 
+	if (!saw_stderr_opt && protocol_version <= 28 && am_server)
+		msgs2stderr = 0; /* The client side may not have stderr setup for us. */
+
 #ifndef SUPPORT_PREALLOCATION
 	if (preallocate_files && !am_sender) {
 		rprintf(FERROR, "preallocation is not supported on this %s\n",
@@ -686,15 +717,17 @@ void setup_protocol(int f_out,int f_in)
 #ifdef ICONV_OPTION
 			compat_flags |= CF_SYMLINK_ICONV;
 #endif
-			if (local_server || strchr(client_info, 'f') != NULL)
+			if (strchr(client_info, 'f') != NULL)
 				compat_flags |= CF_SAFE_FLIST;
-			if (local_server || strchr(client_info, 'x') != NULL)
+			if (strchr(client_info, 'x') != NULL)
 				compat_flags |= CF_AVOID_XATTR_OPTIM;
-			if (local_server || strchr(client_info, 'C') != NULL)
+			if (strchr(client_info, 'C') != NULL)
 				compat_flags |= CF_CHKSUM_SEED_FIX;
-			if (local_server || strchr(client_info, 'I') != NULL)
+			if (strchr(client_info, 'I') != NULL)
 				compat_flags |= CF_INPLACE_PARTIAL_DIR;
-			if (local_server || strchr(client_info, 'v') != NULL) {
+			if (strchr(client_info, 'u') != NULL)
+				compat_flags |= CF_ID0_NAMES;
+			if (strchr(client_info, 'v') != NULL) {
 				do_negotiated_strings = 1;
 				compat_flags |= CF_VARINT_FLIST_FLAGS;
 			}
@@ -714,6 +747,11 @@ void setup_protocol(int f_out,int f_in)
 		want_xattr_optim = protocol_version >= 31 && !(compat_flags & CF_AVOID_XATTR_OPTIM);
 		proper_seed_order = compat_flags & CF_CHKSUM_SEED_FIX ? 1 : 0;
 		xfer_flags_as_varint = compat_flags & CF_VARINT_FLIST_FLAGS ? 1 : 0;
+		xmit_id0_names = compat_flags & CF_ID0_NAMES ? 1 : 0;
+		if (!xfer_flags_as_varint && preserve_crtimes) {
+			fprintf(stderr, "Both rsync versions must be at least 3.2.0 for --crtimes.\n");
+			exit_cleanup(RERR_PROTOCOL);
+		}
 		if (am_sender) {
 			receiver_symlink_times = am_server
 			    ? strchr(client_info, 'L') != NULL
@@ -725,7 +763,7 @@ void setup_protocol(int f_out,int f_in)
 #endif
 #ifdef ICONV_OPTION
 		sender_symlink_iconv = iconv_opt && (am_server
-		    ? local_server || strchr(client_info, 's') != NULL
+		    ? strchr(client_info, 's') != NULL
 		    : !!(compat_flags & CF_SYMLINK_ICONV));
 #endif
 		if (inc_recurse && !allow_inc_recurse) {
@@ -778,11 +816,77 @@ void setup_protocol(int f_out,int f_in)
 		checksum_seed = read_int(f_in);
 	}
 
-	parse_checksum_choice(1); /* Sets checksum_type & xfersum_type */
+	parse_checksum_choice(1); /* Sets file_sum_nni & xfer_sum_nni */
 	parse_compress_choice(1); /* Sets do_compression */
 
+	/* TODO in the future allow this algorithm to be chosen somehow, but it can't get too
+	 * long or the size starts to cause a problem in the xattr abbrev/non-abbrev code. */
+	xattr_sum_nni = parse_csum_name(NULL, 0);
+	xattr_sum_len = csum_len_for_type(xattr_sum_nni->num, 0);
+
 	if (write_batch && !am_server)
 		write_batch_shell_file();
 
 	init_flist();
 }
+
+void output_daemon_greeting(int f_out, int am_client)
+{
+	char tmpbuf[MAX_NSTR_STRLEN];
+	int our_sub = get_subprotocol_version();
+
+	init_checksum_choices();
+
+	get_default_nno_list(&valid_auth_checksums, tmpbuf, MAX_NSTR_STRLEN, '\0');
+
+	io_printf(f_out, "@RSYNCD: %d.%d %s\n", protocol_version, our_sub, tmpbuf);
+
+	if (am_client && DEBUG_GTE(NSTR, 2))
+		rprintf(FINFO, "Client %s list (on client): %s\n", valid_auth_checksums.type, tmpbuf);
+}
+
+void negotiate_daemon_auth(int f_out, int am_client)
+{
+	char tmpbuf[MAX_NSTR_STRLEN];
+	int save_am_server = am_server;
+	int md4_is_old = 0;
+
+	if (!am_client)
+		am_server = 1;
+
+	if (daemon_auth_choices)
+		strlcpy(tmpbuf, daemon_auth_choices, MAX_NSTR_STRLEN);
+	else {
+		strlcpy(tmpbuf, protocol_version >= 30 ? "md5" : "md4", MAX_NSTR_STRLEN);
+		md4_is_old = 1;
+	}
+
+	if (am_client) {
+		recv_negotiate_str(-1, &valid_auth_checksums, tmpbuf, strlen(tmpbuf));
+		if (DEBUG_GTE(NSTR, 1)) {
+			rprintf(FINFO, "Client negotiated %s: %s\n", valid_auth_checksums.type,
+				valid_auth_checksums.negotiated_nni->name);
+		}
+	} else {
+		if (!parse_negotiate_str(&valid_auth_checksums, tmpbuf)) {
+			get_default_nno_list(&valid_auth_checksums, tmpbuf, MAX_NSTR_STRLEN, '\0');
+			io_printf(f_out, "@ERROR: your client does not support one of our daemon-auth checksums: %s\n",
+				  tmpbuf);
+			exit_cleanup(RERR_UNSUPPORTED);
+		}
+	}
+	am_server = save_am_server;
+	if (md4_is_old && valid_auth_checksums.negotiated_nni->num == CSUM_MD4) {
+		valid_auth_checksums.negotiated_nni->num = CSUM_MD4_OLD;
+		valid_auth_checksums.negotiated_nni->flags = 0;
+	}
+}
+
+int get_subprotocol_version()
+{
+#if SUBPROTOCOL_VERSION != 0
+	return protocol_version < PROTOCOL_VERSION ? 0 : SUBPROTOCOL_VERSION;
+#else
+	return 0;
+#endif
+}

csprotocol.txt

@@ -7,39 +7,54 @@ basically a summary of clientserver.c and authenticate.c.
 This is the protocol used for rsync --daemon; i.e. connections to port
 873 rather than invocations over a remote shell.
 
-When the server accepts a connection, it prints a greeting
+When the server accepts a connection, it prints a newline-terminated
+greeting line:
 
-  @RSYNCD: <version>.<subprotocol>
+  @RSYNCD: <version>.<subprotocol> <digest1> <digestN>
 
-where <version> is the numeric version (see PROTOCOL_VERSION in rsync.h)
-'.' is a literal period, and <subprotocol> is the numeric subprotocol
-version (see SUBPROTOCOL_VERSION -- it will be 0 for final releases).
-Protocols prior to 30 only output <version> alone.  The daemon expects
-to see a similar greeting back from the client.  For protocols prior to
-30, an absent ".<subprotocol>" value is assumed to be 0.  For protocol
-30, an absent value is a fatal error.  The daemon then follows this line
-with a free-format text message-of-the-day (if any is defined).
+The <version> is the numeric version (see PROTOCOL_VERSION in rsync.h)
+The <subprotocol> is the numeric subprotocol version (which is 0 for a
+final protocol version, as the SUBPROTOCOL_VERSION define discusses).
+The <digestN> names are the authentication digest algorithms that the
+daemon supports, listed in order of preference.
+
+An rsync prior to 3.2.7 omits the digest names.  An rsync prior to 3.0.0
+also omits the period and the <subprotocol> value.  Since a final
+protocol has a subprotocol value of 0, a missing subprotocol value is
+assumed to be 0 for any protocol prior to 30.  It is considered a fatal
+error for protocol 30 and above to omit it.  It is considered a fatal
+error for protocol 32 and above to omit the digest name list (currently
+31 is the newest protocol).
+
+The daemon expects to see a similar greeting line back from the client.
+Once received, the daemon follows the opening line with a free-format
+text message-of-the-day (if any is defined).
 
 The server is now in the connected state.  The client can either send
-the command
+the command:
 
   #list
 
-to get a listing of modules, or the name of a module.  After this, the
+(to get a listing of modules) or the name of a module.  After this, the
 connection is now bound to a particular module.  Access per host for
 this module is now checked, as is per-module connection limits.
 
-If authentication is required to use this module, the server will say
+If authentication is required to use this module, the server will say:
 
   @RSYNCD: AUTHREQD <challenge>
 
 where <challenge> is a random string of base64 characters.  The client
-must respond with
+must respond with:
 
   <user> <response>
 
-where <user> is the username they claim to be, and <response> is the
-base64 form of the MD4 hash of challenge+password.
+The <user> is the username they claim to be. The <response> is the
+base64 form of the digest hash of the challenge+password string. The
+chosen digest method is the most preferred client method that is also in
+the server's list.  If no digest list was explicitly provided, the side
+expecting a list assumes the other side provided either the single name
+"md5" (for a negotiated protocol 30 or 31), or the single name "md4"
+(for an older protocol).
 
 At this point the server applies all remaining constraints before
 handing control to the client, including switching uid/gid, setting up
@@ -76,6 +91,13 @@ stay tuned (or write it yourself!).
 ------------
 Protocol version changes
 
+31	(2013-09-28, 3.1.0)
+
+	Initial release of protocol 31 had no changes.  Rsync 3.2.7
+	introduced the suffixed list of digest names on the greeting
+	line.  The presence of the list is allowed even if the greeting
+	indicates an older protocol version number.
+
 30	(2007-10-04, 3.0.0pre1)
 
 	The use of a ".<subprotocol>" number was added to

daemon-parm.awk

@@ -0,0 +1,114 @@
+#!/usr/bin/awk -f
+
+# The caller must pass arg: daemon-parm.txt
+# The resulting code is output into daemon-parm.h
+
+BEGIN {
+    heading = "/* DO NOT EDIT THIS FILE!  It is auto-generated from a list of values in " ARGV[1] "! */\n\n"
+    sect = psect = defines = accessors = prior_ptype = ""
+    parms = "\nstatic const struct parm_struct parm_table[] = {"
+    comment_fmt = "\n/********** %s **********/\n"
+    tdstruct = "typedef struct {"
+}
+
+/^\s*$/ { next }
+/^#/ { next }
+
+/^Globals:/ {
+    if (defines != "") {
+	print "The Globals section must come first!"
+	defines = ""
+	exit
+    }
+    defines = tdstruct
+    values = "\nstatic const all_vars Defaults = {\n    { /* Globals: */\n"
+    exps = exp_values = sprintf(comment_fmt, "EXP")
+    sect = "GLOBAL"
+    psect = ", P_GLOBAL, &Vars.g."
+    next
+}
+
+/^Locals:/ {
+    if (sect == "") {
+	print "The Locals section must come after the Globals!"
+	exit
+    }
+    defines = defines exps "} global_vars;\n\n" tdstruct
+    values = values exp_values "\n    }, { /* Locals: */\n"
+    exps = exp_values = sprintf(comment_fmt, "EXP")
+    sect = "LOCAL"
+    psect = ", P_LOCAL, &Vars.l."
+    next
+}
+
+/^(STRING|CHAR|PATH|INTEGER|ENUM|OCTAL|BOOL|BOOLREV|BOOL3)[ \t]/ {
+    ptype = $1
+    name = $2
+    $1 = $2 = ""
+    sub(/^[ \t]+/, "")
+
+    if (ptype != prior_ptype) {
+	comment = sprintf(comment_fmt, ptype)
+	defines = defines comment
+	values = values comment
+	parms = parms "\n"
+	accessors = accessors "\n"
+	prior_ptype = ptype
+    }
+
+    if (ptype == "STRING" || ptype == "PATH") {
+	atype = "STRING"
+	vtype = "char*"
+    } else if (ptype ~ /BOOL/) {
+	atype = vtype = "BOOL"
+    } else if (ptype == "CHAR") {
+	atype = "CHAR"
+	vtype = "char"
+    } else {
+	atype = "INTEGER"
+	vtype = "int"
+    }
+
+    # The name might be var_name|public_name
+    pubname = name
+    sub(/\|.*/, "", name)
+    sub(/.*\|/, "", pubname)
+    gsub(/_/, " ", pubname)
+    gsub(/-/, "", name)
+
+    if (ptype == "ENUM")
+	enum = "enum_" name
+    else
+	enum = "NULL"
+
+    defines = defines "\t" vtype " " name ";\n"
+    values = values "\t" $0 ", /* " name " */\n"
+    parms = parms " {\"" pubname "\", P_" ptype psect name ", " enum ", 0},\n"
+    accessors = accessors "FN_" sect "_" atype "(lp_" name ", " name ")\n"
+
+    if (vtype == "char*") {
+	exps = exps "\tBOOL " name "_EXP;\n"
+	exp_values = exp_values "\tFalse, /* " name "_EXP */\n"
+    }
+
+    next
+}
+
+/./ {
+    print "Extraneous line:" $0
+    defines = ""
+    exit
+}
+
+END {
+    if (sect != "" && defines != "") {
+	defines = defines exps "} local_vars;\n\n"
+	defines = defines tdstruct "\n\tglobal_vars g;\n\tlocal_vars l;\n} all_vars;\n"
+	values = values exp_values "\n    }\n};\n\nstatic all_vars Vars;\n"
+	parms = parms "\n {NULL, P_BOOL, P_NONE, NULL, NULL, 0}\n};\n"
+	print heading defines values parms accessors > "daemon-parm.h"
+    } else {
+	print "Failed to parse the data in " ARGV[1]
+	exit 1
+    }
+}

daemon-parm.txt

@@ -0,0 +1,68 @@
+Globals: ================================================================
+
+STRING	bind_address|address	NULL
+STRING	daemon_chroot		NULL
+STRING	daemon_gid		NULL
+STRING	daemon_uid		NULL
+STRING	motd_file		NULL
+STRING	pid_file		NULL
+STRING	socket_options		NULL
+
+INTEGER	listen_backlog		5
+INTEGER	rsync_port|port		0
+
+BOOL	proxy_protocol		False
+
+Locals: =================================================================
+
+STRING	auth_users		NULL
+STRING	charset			NULL
+STRING	comment			NULL
+STRING	dont_compress		DEFAULT_DONT_COMPRESS
+STRING	early_exec		NULL
+STRING	exclude			NULL
+STRING	exclude_from		NULL
+STRING	filter			NULL
+STRING	gid			NULL
+STRING	hosts_allow		NULL
+STRING	hosts_deny		NULL
+STRING	include			NULL
+STRING	include_from		NULL
+STRING	incoming_chmod		NULL
+STRING	lock_file		DEFAULT_LOCK_FILE
+STRING	log_file		NULL
+STRING	log_format		"%o %h [%a] %m (%u) %f %l"
+STRING	name			NULL
+STRING	name_converter		NULL
+STRING	outgoing_chmod		NULL
+STRING	post-xfer_exec		NULL
+STRING	pre-xfer_exec		NULL
+STRING	refuse_options		NULL
+STRING	secrets_file		NULL
+STRING	syslog_tag		"rsyncd"
+STRING	uid			NULL
+
+PATH	path			NULL
+PATH	temp_dir		NULL
+
+INTEGER	max_connections		0
+INTEGER	max_verbosity		1
+INTEGER	timeout			0
+
+ENUM	syslog_facility		LOG_DAEMON
+
+BOOL	fake_super		False
+BOOL	forward_lookup		True
+BOOL	ignore_errors		False
+BOOL	ignore_nonreadable	False
+BOOL	list			True
+BOOL	read_only		True
+BOOL	reverse_lookup		True
+BOOL	strict_modes		True
+BOOL	transfer_logging	False
+BOOL	write_only		False
+
+BOOL3	munge_symlinks		Unset
+BOOL3	numeric_ids		Unset
+BOOL3	open_noatime		Unset
+BOOL3	use_chroot		Unset

delete.c

@@ -4,7 +4,7 @@
  * Copyright (C) 1996-2000 Andrew Tridgell
  * Copyright (C) 1996 Paul Mackerras
  * Copyright (C) 2002 Martin Pool <mbp@samba.org>
- * Copyright (C) 2003-2020 Wayne Davison
+ * Copyright (C) 2003-2024 Wayne Davison
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by
@@ -98,7 +98,7 @@ static enum delret delete_dir_contents(char *fname, uint16 flags)
 
 		strlcpy(p, fp->basename, remainder);
 		if (!(fp->mode & S_IWUSR) && !am_root && fp->flags & FLAG_OWNED_BY_US)
-			do_chmod(fname, fp->mode | S_IWUSR);
+			do_chmod_at(fname, fp->mode | S_IWUSR);
 		/* Save stack by recursing to ourself directly. */
 		if (S_ISDIR(fp->mode)) {
 			if (delete_dir_contents(fname, flags | DEL_RECURSE) != DR_SUCCESS)
@@ -139,7 +139,7 @@ enum delret delete_item(char *fbuf, uint16 mode, uint16 flags)
 	}
 
 	if (flags & DEL_NO_UID_WRITE)
-		do_chmod(fbuf, mode | S_IWUSR);
+		do_chmod_at(fbuf, mode | S_IWUSR);
 
 	if (S_ISDIR(mode) && !(flags & DEL_DIR_IS_EMPTY)) {
 		/* This only happens on the first call to delete_item() since
@@ -160,7 +160,7 @@ enum delret delete_item(char *fbuf, uint16 mode, uint16 flags)
 
 	if (S_ISDIR(mode)) {
 		what = "rmdir";
-		ok = do_rmdir(fbuf) == 0;
+		ok = do_rmdir_at(fbuf) == 0;
 	} else {
 		if (make_backups > 0 && !(flags & DEL_FOR_BACKUP) && (backup_dir || !is_backup_file(fbuf))) {
 			what = "make_backup";
@@ -188,7 +188,7 @@ enum delret delete_item(char *fbuf, uint16 mode, uint16 flags)
 				stats.deleted_symlinks++;
 #endif
 			else if (IS_DEVICE(mode))
-				stats.deleted_symlinks++;
+				stats.deleted_devices++;
 			else
 				stats.deleted_specials++;
 		}

doc/README-SGML

@@ -1,20 +0,0 @@
-Handling the rsync SGML documentation
-
-rsync documentation is now primarily in Docbook format.  Docbook is an
-SGML/XML documentation format that is becoming standard on free
-operating systems.  It's also used for Samba documentation.
-
-The SGML files are source code that can be translated into various
-useful output formats, primarily PDF, HTML, Postscript and plain text.  
-
-To do this transformation on Debian, you should install the
-docbook-utils package.  Having done that, you can say 
-
-  docbook2pdf rsync.sgml
-
-and so on.
-
-On other systems you probably need James Clark's "sp" and "JadeTeX"
-packages.  Work it out for yourself and send a note to the mailing
-list.
-

doc/profile.txt

@@ -1,42 +0,0 @@
-Notes on rsync profiling
-
-strlcpy is hot:
-
-                0.00    0.00       1/7735635     push_dir [68]
-                0.00    0.00       1/7735635     pop_dir [71]
-                0.00    0.00       1/7735635     send_file_list [15]
-                0.01    0.00   18857/7735635     send_files [4]
-                0.04    0.00  129260/7735635     send_file_entry [18]
-                0.04    0.00  129260/7735635     make_file [20]
-                0.04    0.00  141666/7735635     send_directory <cycle 1> [36]
-                2.29    0.00 7316589/7735635     f_name [13]
-[14]    11.7    2.42    0.00 7735635         strlcpy [14]
-
-
-Here's the top few functions:
-
- 46.23      9.57     9.57 13160929     0.00     0.00  mdfour64
- 14.78     12.63     3.06 13160929     0.00     0.00  copy64
- 11.69     15.05     2.42  7735635     0.00     0.00  strlcpy
- 10.05     17.13     2.08    41438     0.05     0.38  sum_update
-  4.11     17.98     0.85 13159996     0.00     0.00  mdfour_update
-  1.50     18.29     0.31                             file_compare
-  1.45     18.59     0.30   129261     0.00     0.01  send_file_entry
-  1.23     18.84     0.26  2557585     0.00     0.00  f_name
-  1.11     19.07     0.23  1483750     0.00     0.00  u_strcmp
-  1.11     19.30     0.23   118129     0.00     0.00  writefd_unbuffered
-  0.92     19.50     0.19  1085011     0.00     0.00  writefd
-  0.43     19.59     0.09   156987     0.00     0.00  read_timeout
-  0.43     19.68     0.09   129261     0.00     0.00  clean_fname
-  0.39     19.75     0.08    32887     0.00     0.38  matched
-  0.34     19.82     0.07        1    70.00 16293.92  send_files
-  0.29     19.89     0.06   129260     0.00     0.00  make_file
-  0.29     19.95     0.06    75430     0.00     0.00  read_unbuffered
-
-
-
-mdfour could perhaps be made faster:
-
-/* NOTE: This code makes no attempt to be fast!  */
-
-There might be an optimized version somewhere that we can borrow.

doc/rsync.sgml

@@ -1,351 +0,0 @@
-<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook V4.1//EN">
-<book id="rsync">
-  <bookinfo>
-    <title>rsync</title>
-    <copyright>
-      <year>1996 -- 2002</year>
-      <holder>Martin Pool</holder>
-      <holder>Andrew Tridgell</holder>
-    </copyright>
-    <author>
-      <firstname>Martin</firstname>
-      <surname>Pool</surname>
-    </author>
-  </bookinfo>
-
-  <chapter>
-    <title>Introduction</title>
-
-    <para>rsync is a flexible program for efficiently copying files or
-      directory trees.
-
-    <para>rsync has many options to select which files will be copied
-      and how they are to be transferred.  It may be used as an
-      alternative to ftp, http, scp or rcp.
-
-    <para>The rsync remote-update protocol allows rsync to transfer just
-      the differences between two sets of files across the network link,
-      using an efficient checksum-search algorithm described in the
-      technical report that accompanies this package.</para>
-
-    <para>Some of the additional features of rsync are:</para>
-
-    <itemizedlist>
-      
-      <listitem>
-	<para>support for copying links, devices, owners, groups and
-	  permissions
-	</para>
-      </listitem>
-      
-      <listitem>
-	<para>
-	  exclude and exclude-from options similar to GNU tar
-	</para>
-      </listitem>
-
-      <listitem>
-	<para>
-	  a CVS exclude mode for ignoring the same files that CVS would ignore
-      </listitem>
-
-      <listitem>
-	<para>
-	  can use any transparent remote shell, including rsh or ssh
-      </listitem>
-
-      <listitem>
-	<para>
-	  does not require root privileges
-      </listitem>
-
-      <listitem>
-	<para>
-	  pipelining of file transfers to minimize latency costs
-      </listitem>
-		
-      <listitem>
-	<para>
-	  support for anonymous or authenticated rsync servers (ideal for
-	  mirroring)
-	</para>
-      </listitem>
-    </itemizedlist>
-  </chapter>
-
-
-
-  <chapter>
-    <title>Using rsync</title>
-    <section>
-      <title>
-	Introductory example
-      </title>
-      
-      <para>
-	Probably the most common case of rsync usage is to copy files
-	to or from a remote machine using
-	<application>ssh</application> as a network transport.  In
-	this situation rsync is a good alternative to
-	<application>scp</application>.
-      </para>
-
-      <para>
-	The most commonly used arguments for rsync are
-      </para>
-
-      <variablelist>
-	<varlistentry>
-	  <term><option>-v</option></term>
-	  <listitem>
-	    <para>Be verbose.  Primarily, display the name of each file as it is copied.</para>
-	  </listitem>
-	</varlistentry>
-
-
-	<varlistentry>
-	  <term><option>-a</option></term>
-	  <listitem>
-	    <para>
-	      Reproduce the structure and attributes of the origin files as exactly
-	      as possible: this includes copying subdirectories, symlinks, special
-	      files, ownership and permissions.  (@xref{Attributes to
-	      copy}.)
-	    </para>
-	  </listitem>
-	</varlistentry>
-      </variablelist>
-
-
-	
-      <para><option>-v </option>
-      
-      <para><option>-z</option>
-	Compress network traffic, using a modified version of the
-	@command{zlib} library.</para>
-      
-      <para><option>-P</option>
-	Display a progress indicator while files are transferred.  This should
-	normally be omitted if rsync is not run on a terminal.
-      </para>
-    </section>
-
-
-
-
-    <section>
-      <title>Local and remote</title>
-      
-      <para>There are six different ways of using rsync. They
-      are:</para>
-
-      
-
-      <!-- one of (CALLOUTLIST GLOSSLIST ITEMIZEDLIST ORDEREDLIST SEGMENTEDLIST SIMPLELIST VARIABLELIST CAUTION IMPORTANT NOTE TIP WARNING LITERALLAYOUT PROGRAMLISTING PROGRAMLISTINGCO SCREEN SCREENCO SCREENSHOT SYNOPSIS CMDSYNOPSIS FUNCSYNOPSIS CLASSSYNOPSIS FIELDSYNOPSIS CONSTRUCTORSYNOPSIS DESTRUCTORSYNOPSIS METHODSYNOPSIS FORMALPARA PARA SIMPARA ADDRESS BLOCKQUOTE GRAPHIC GRAPHICCO MEDIAOBJECT MEDIAOBJECTCO INFORMALEQUATION INFORMALEXAMPLE INFORMALFIGURE INFORMALTABLE EQUATION EXAMPLE FIGURE TABLE MSGSET PROCEDURE SIDEBAR QANDASET ANCHOR BRIDGEHEAD REMARK HIGHLIGHTS ABSTRACT AUTHORBLURB EPIGRAPH INDEXTERM REFENTRY SECTION) -->
-      <orderedlist>
-	<listitem>
-	  <para>
-	    for copying local files. This is invoked when neither
-	    source nor destination path contains a @code{:} separator
-
-	<listitem>
-	  <para>
-	    for copying from the local machine to a remote machine using
-	    a remote shell program as the transport (such as rsh or
-	    ssh). This is invoked when the destination path contains a
-	    single @code{:} separator.
-
-	<listitem>
-	  <para>
-	    for copying from a remote machine to the local machine
-	    using a remote shell program. This is invoked when the source
-	    contains a @code{:} separator.
-
-	<listitem>
-	  <para>
-	    for copying from a remote rsync server to the local
-	    machine. This is invoked when the source path contains a @code{::}
-	    separator or a @code{rsync://} URL.
-
-	<listitem>
-	  <para>
-	    for copying from the local machine to a remote rsync
-	    server. This is invoked when the destination path contains a @code{::}
-	    separator.
-
-	<listitem>
-	  <para>
-	    for listing files on a remote machine. This is done the
-	    same way as rsync transfers except that you leave off the
-	    local destination.  
-
-	</listitem>
-      </orderedlist>
-	  <para>
-Note that in all cases (other than listing) at least one of the source
-and destination paths must be local.
-
-	  <para>
-Any one invocation of rsync makes a copy in a single direction.  rsync
-currently has no equivalent of @command{ftp}'s interactive mode.
-
-@cindex @sc{nfs}
-@cindex network filesystems
-@cindex remote filesystems
-
-	  <para>
-rsync's network protocol is generally faster at copying files than
-network filesystems such as @sc{nfs} or @sc{cifs}.  It is better to
-run rsync on the file server either as a daemon or over ssh than
-running rsync giving the network directory.
-      </para>
-    </section>
-  </chapter>
-
-
-
-  <chapter>
-    <title>Frequently asked questions</title>
-
-    
-    <!-- one of (CALLOUTLIST GLOSSLIST ITEMIZEDLIST ORDEREDLIST SEGMENTEDLIST SIMPLELIST VARIABLELIST CAUTION IMPORTANT NOTE TIP WARNING LITERALLAYOUT PROGRAMLISTING PROGRAMLISTINGCO SCREEN SCREENCO SCREENSHOT SYNOPSIS CMDSYNOPSIS FUNCSYNOPSIS CLASSSYNOPSIS FIELDSYNOPSIS CONSTRUCTORSYNOPSIS DESTRUCTORSYNOPSIS METHODSYNOPSIS FORMALPARA PARA SIMPARA ADDRESS BLOCKQUOTE GRAPHIC GRAPHICCO MEDIAOBJECT MEDIAOBJECTCO INFORMALEQUATION INFORMALEXAMPLE INFORMALFIGURE INFORMALTABLE EQUATION EXAMPLE FIGURE TABLE MSGSET PROCEDURE SIDEBAR QANDASET ANCHOR BRIDGEHEAD REMARK HIGHLIGHTS ABSTRACT AUTHORBLURB EPIGRAPH INDEXTERM SECTION SIMPLESECT REFENTRY SECT1) -->
-    <qandaset>
-      <!-- one of (QANDADIV QANDAENTRY) -->
-
-      <qandaentry>
-	<question>
-	  <!-- one of (CALLOUTLIST GLOSSLIST ITEMIZEDLIST ORDEREDLIST
-	  SEGMENTEDLIST SIMPLELIST VARIABLELIST CAUTION IMPORTANT NOTE
-	  TIP WARNING LITERALLAYOUT PROGRAMLISTING PROGRAMLISTINGCO
-	  SCREEN SCREENCO SCREENSHOT SYNOPSIS CMDSYNOPSIS FUNCSYNOPSIS
-	  CLASSSYNOPSIS FIELDSYNOPSIS CONSTRUCTORSYNOPSIS
-	  DESTRUCTORSYNOPSIS METHODSYNOPSIS FORMALPARA PARA SIMPARA
-	  ADDRESS BLOCKQUOTE GRAPHIC GRAPHICCO MEDIAOBJECT
-	  MEDIAOBJECTCO INFORMALEQUATION INFORMALEXAMPLE
-	  INFORMALFIGURE INFORMALTABLE EQUATION EXAMPLE FIGURE TABLE
-	  PROCEDURE ANCHOR BRIDGEHEAD REMARK HIGHLIGHTS INDEXTERM) -->
-	  <para>Are there mailing lists for rsync?
-	</question>
-
-	<answer>
-	  <para>Yes, and you can subscribe and unsubscribe through a
-	  web interface at
-	    <ulink
-	      url="http://lists.samba.org/">http://lists.samba.org/</ulink>
-	  </para>
-
-	  <para>
-	    If you are having trouble with the mailing list, please
-	    send mail to the administrator
-	    
-	    <email>rsync-admin@lists.samba.org</email>
-
-	    not to the list itself.
-	  </para>
-
-	  <para>
-	    The mailing list archives are searchable.  Use 
-	    <ulink url="http://google.com/">Google</ulink> and prepend
-	    the search with <userinput>site:lists.samba.org
-	    rsync</userinput>, plus relevant keywords.
-	  </para>
-	</answer>
-      </qandaentry>
-
-
-      <qandaentry>
-	<question>
-	  <para>
-	    Why is rsync so much bigger when I build it with
-	    <command>gcc</command>?
-	  </para>
-	</question>
-	<answer>
-	  <para>
-	    On gcc, rsync builds by default with debug symbols
-	    included.  If you strip both executables, they should end
-	    up about the same size.  (Use <command>make
-	    install-strip</command>.)
-	  </para>
-	</answer>
-      </qandaentry>
-
-      
-      <qandaentry>
-	<question>
-	  <para>Is rsync useful for a single large file like an ISO image?</para>
-	</question>
-	<answer>
-	  <para>
-	    Yes, but note the following:
-
-	  <para>
-   Background: A common use of rsync is to update a file (or set of files) in one location from a more
-   correct or up-to-date copy in another location, taking advantage of portions of the files that are
-   identical to speed up the process. (Note that rsync will transfer a file in its entirety if no copy
-   exists at the destination.)
-
-	  <para>
-   (This discussion is written in terms of updating a local copy of a file from a correct file in a
-   remote location, although rsync can work in either direction.)
-
-	  <para>
-   The file to be updated (the local file) must be in a destination directory that has enough space for
-   two copies of the file. (In addition, keep an extra copy of the file to be updated in a different
-   location for safety -- see the discussion (below) about rsync's behavior when the rsync process is
-   interrupted before completion.)
-
-	  <para>
-   The local file must have the same name as the remote file being sync'd to (I think?). If you are
-   trying to upgrade an iso from, for example, beta1 to beta2, rename the local file to the same name
-   as the beta2 file. *(This is a useful thing to do -- only the changed portions will be
-   transmitted.)*
-
-	  <para>
-   The extra copy of the local file kept in a different location is because of rsync's behavior if
-   interrupted before completion:
-
-	  <para>
-   * If you specify the --partial option and rsync is interrupted, rsync will save the partially
-   rsync'd file and throw away the original local copy. (The partially rsync'd file is correct but
-   truncated.) If rsync is restarted, it will not have a local copy of the file to check for duplicate
-   blocks beyond the section of the file that has already been rsync'd, thus the remainder of the rsync
-   process will be a "pure transfer" of the file rather than taking advantage of the rsync algorithm.
-
-	  <para>
-   * If you don't specify the --partial option and rsync is interrupted, rsync will throw away the
-   partially rsync'd file, and, when rsync is restarted starts the rsync process over from the
-   beginning.
-
-	  <para>
-   Which of these is most desirable depends on the degree of commonality between the local and remote
-   copies of the file *and how much progress was made before the interruption*.
-
-	  <para>
-   The ideal approach after an interruption would be to create a new file by taking the original file
-   and deleting a portion equal in size to the portion already rsync'd and then appending *the
-   remaining* portion to the portion of the file that has already been rsync'd. (There has been some
-   discussion about creating an option to do this automatically.)
-
-   The --compare-dest option is useful when transferring multiple files, but is of no benefit in
-   transferring a single file. (AFAIK)
-
-   *Other potentially useful information can be found at:
-   -[3]http://twiki.org/cgi-bin/view/Wikilearn/RsyncingALargeFile
-
-   This answer, formatted with "real" bullets, can be found at:
-   -[4]http://twiki.org/cgi-bin/view/Wikilearn/RsyncingALargeFileFAQ*
-
-	  </para>
-	</answer>
-      </qandaentry>
-    </qandaset>
-  </chapter>
-
-
-  <appendix>
-    <title>Other Resources</title>
-    
-    <para><ulink url="http://www.ccp14.ac.uk/ccp14admin/rsync/"></ulink></para>
-  </appendix>
-</book>

exclude.c

@@ -4,7 +4,7 @@
  * Copyright (C) 1996-2001 Andrew Tridgell <tridge@samba.org>
  * Copyright (C) 1996 Paul Mackerras
  * Copyright (C) 2002 Martin Pool
- * Copyright (C) 2003-2020 Wayne Davison
+ * Copyright (C) 2003-2024 Wayne Davison
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by
@@ -21,21 +21,25 @@
  */
 
 #include "rsync.h"
-#include "default-cvsignore.h"
 #include "ifuncs.h"
 
 extern int am_server;
 extern int am_sender;
+extern int am_generator;
 extern int eol_nulls;
 extern int io_error;
+extern int xfer_dirs;
+extern int recurse;
 extern int local_server;
 extern int prune_empty_dirs;
 extern int ignore_perishable;
+extern int relative_paths;
 extern int delete_mode;
 extern int delete_excluded;
 extern int cvs_exclude;
 extern int sanitize_paths;
 extern int protocol_version;
+extern int trust_sender_args;
 extern int module_id;
 
 extern char curr_dir[MAXPATHLEN];
@@ -45,8 +49,11 @@ extern unsigned int module_dirlen;
 filter_rule_list filter_list = { .debug_type = "" };
 filter_rule_list cvs_filter_list = { .debug_type = " [global CVS]" };
 filter_rule_list daemon_filter_list = { .debug_type = " [daemon]" };
+filter_rule_list implied_filter_list = { .debug_type = " [implied]" };
 
 int saw_xattr_filter = 0;
+int trust_sender_args = 0;
+int trust_sender_filter = 0;
 
 /* Need room enough for ":MODS " prefix plus some room to grow. */
 #define MAX_RULE_PREFIX (16)
@@ -71,6 +78,10 @@ static filter_rule **mergelist_parents;
 static int mergelist_cnt = 0;
 static int mergelist_size = 0;
 
+#define LOCAL_RULE   1
+#define REMOTE_RULE  2
+static uchar cur_elide_value = REMOTE_RULE;
+
 /* Each filter_list_struct describes a singly-linked list by keeping track
  * of both the head and tail pointers.  The list is slightly unusual in that
  * a parent-dir's content can be appended to the end of the local list in a
@@ -153,13 +164,17 @@ static void add_rule(filter_rule_list *listp, const char *pat, unsigned int pat_
 {
 	const char *cp;
 	unsigned int pre_len, suf_len, slash_cnt = 0;
+	char *mention_rule_suffix;
 
-	if (DEBUG_GTE(FILTER, 2)) {
-		rprintf(FINFO, "[%s] add_rule(%s%.*s%s)%s\n",
+	if (DEBUG_GTE(FILTER, 1) && pat_len && (pat[pat_len-1] == ' ' || pat[pat_len-1] == '\t'))
+		mention_rule_suffix = " -- CAUTION: trailing whitespace!";
+	else
+		mention_rule_suffix = DEBUG_GTE(FILTER, 2) ? "" : NULL;
+	if (mention_rule_suffix) {
+		rprintf(FINFO, "[%s] add_rule(%s%.*s%s)%s%s\n",
 			who_am_i(), get_rule_prefix(rule, pat, 0, NULL),
-			(int)pat_len, pat,
-			(rule->rflags & FILTRULE_DIRECTORY) ? "/" : "",
-			listp->debug_type);
+			(int)pat_len, pat, (rule->rflags & FILTRULE_DIRECTORY) ? "/" : "",
+			listp->debug_type, mention_rule_suffix);
 	}
 
 	/* These flags also indicate that we're reading a list that
@@ -209,6 +224,7 @@ static void add_rule(filter_rule_list *listp, const char *pat, unsigned int pat_
 				slash_cnt++;
 		}
 	}
+	rule->elide = 0;
 	strlcpy(rule->pattern + pre_len, pat, pat_len + 1);
 	pat_len += pre_len;
 	if (suf_len) {
@@ -289,6 +305,271 @@ static void add_rule(filter_rule_list *listp, const char *pat, unsigned int pat_
 	}
 }
 
+/* If the wildcards failed, the remote shell might give us a file matching the literal
+ * wildcards.  Since "*" & "?" already match themselves, this just needs to deal with
+ * failed "[foo]" idioms.
+ */
+static void maybe_add_literal_brackets_rule(filter_rule const *based_on, int arg_len)
+{
+	filter_rule *rule;
+	const char *arg = based_on->pattern, *cp;
+	char *p;
+	int cnt = 0;
+
+	if (arg_len < 0)
+		arg_len = strlen(arg);
+
+	for (cp = arg; *cp; cp++) {
+		if (*cp == '\\' && cp[1]) {
+			cp++;
+		} else if (*cp == '[')
+			cnt++;
+	}
+	if (!cnt)
+		return;
+
+	rule = new0(filter_rule);
+	rule->rflags = based_on->rflags;
+	rule->u.slash_cnt = based_on->u.slash_cnt;
+	p = rule->pattern = new_array(char, arg_len + cnt + 1);
+	for (cp = arg; *cp; ) {
+		if (*cp == '\\' && cp[1]) {
+			*p++ = *cp++;
+		} else if (*cp == '[')
+			*p++ = '\\';
+		*p++ = *cp++;
+	}
+	*p++ = '\0';
+
+	rule->next = implied_filter_list.head;
+	implied_filter_list.head = rule;
+	if (DEBUG_GTE(FILTER, 3)) {
+		rprintf(FINFO, "[%s] add_implied_include(%s%s)\n", who_am_i(), rule->pattern,
+			rule->rflags & FILTRULE_DIRECTORY ? "/" : "");
+	}
+}
+
+static char *partial_string_buf = NULL;
+static int partial_string_len = 0;
+void implied_include_partial_string(const char *s_start, const char *s_end)
+{
+	partial_string_len = s_end - s_start;
+	if (partial_string_len <= 0 || partial_string_len >= MAXPATHLEN) { /* too-large should be impossible... */
+		partial_string_len = 0;
+		return;
+	}
+	if (!partial_string_buf)
+		partial_string_buf = new_array(char, MAXPATHLEN);
+	memcpy(partial_string_buf, s_start, partial_string_len);
+}
+
+void free_implied_include_partial_string()
+{
+	if (partial_string_buf) {
+		if (partial_string_len)
+			add_implied_include("", 0);
+		free(partial_string_buf);
+		partial_string_buf = NULL;
+	}
+	partial_string_len = 0; /* paranoia */
+}
+
+/* Each arg the client sends to the remote sender turns into an implied include
+ * that the receiver uses to validate the file list from the sender. */
+void add_implied_include(const char *arg, int skip_daemon_module)
+{
+	int arg_len, saw_wild = 0, saw_live_open_brkt = 0, backslash_cnt = 0;
+	int slash_cnt = 0;
+	const char *cp;
+	char *p;
+	if (trust_sender_args)
+		return;
+	if (partial_string_len) {
+		arg_len = strlen(arg);
+		if (partial_string_len + arg_len >= MAXPATHLEN) {
+			partial_string_len = 0;
+			return; /* Should be impossible... */
+		}
+		memcpy(partial_string_buf + partial_string_len, arg, arg_len + 1);
+		partial_string_len = 0;
+		arg = partial_string_buf;
+	}
+	if (skip_daemon_module) {
+		if ((cp = strchr(arg, '/')) != NULL)
+			arg = cp + 1;
+		else
+			arg = "";
+	}
+	if (relative_paths) {
+		if ((cp = strstr(arg, "/./")) != NULL)
+			arg = cp + 3;
+	} else if ((cp = strrchr(arg, '/')) != NULL) {
+		arg = cp + 1;
+	}
+	if (*arg == '.' && arg[1] == '\0')
+		arg++;
+	arg_len = strlen(arg);
+	if (arg_len) {
+		char *new_pat;
+		if (strpbrk(arg, "*[?")) {
+			/* We need to add room to escape backslashes if wildcard chars are present. */
+			for (cp = arg; (cp = strchr(cp, '\\')) != NULL; cp++)
+				arg_len++;
+			saw_wild = 1;
+		}
+		arg_len++; /* Leave room for the prefixed slash */
+		p = new_pat = new_array(char, arg_len + 1);
+		*p++ = '/';
+		slash_cnt++;
+		for (cp = arg; *cp; ) {
+			switch (*cp) {
+			  case '\\':
+				if (cp[1] == ']') {
+					if (!saw_wild)
+						cp++; /* A \] in a non-wild filter causes a problem, so drop the \ . */
+				} else if (!strchr("*[?", cp[1])) {
+					backslash_cnt++;
+					if (saw_wild)
+						*p++ = '\\';
+				}
+				*p++ = *cp++;
+				break;
+			  case '/':
+				if (p[-1] == '/') { /* This is safe because of the initial slash. */
+					if (*++cp == '\0') {
+						slash_cnt--;
+						p--;
+					}
+				} else if (cp[1] == '\0') {
+					cp++;
+				} else {
+					slash_cnt++;
+					*p++ = *cp++;
+				}
+				break;
+			  case '.':
+				if (p[-1] == '/') {
+					if (cp[1] == '/') {
+						cp += 2;
+						if (!*cp) {
+							slash_cnt--;
+							p--;
+						}
+					} else if (cp[1] == '\0') {
+						cp++;
+						slash_cnt--;
+						p--;
+					} else
+						*p++ = *cp++;
+				} else
+					*p++ = *cp++;
+				break;
+			  case '[':
+				saw_live_open_brkt = 1;
+				*p++ = *cp++;
+				break;
+			  default:
+				*p++ = *cp++;
+				break;
+			}
+		}
+		*p = '\0';
+		arg_len = p - new_pat;
+		if (!arg_len)
+			free(new_pat);
+		else {
+			filter_rule *rule = new0(filter_rule);
+			rule->rflags = FILTRULE_INCLUDE + (saw_wild ? FILTRULE_WILD : 0);
+			rule->u.slash_cnt = slash_cnt;
+			arg = rule->pattern = new_pat;
+			if (!implied_filter_list.head)
+				implied_filter_list.head = implied_filter_list.tail = rule;
+			else {
+				rule->next = implied_filter_list.head;
+				implied_filter_list.head = rule;
+			}
+			if (DEBUG_GTE(FILTER, 3))
+				rprintf(FINFO, "[%s] add_implied_include(%s)\n", who_am_i(), arg);
+			if (saw_live_open_brkt)
+				maybe_add_literal_brackets_rule(rule, arg_len);
+			if (relative_paths && slash_cnt) {
+				int sub_slash_cnt = slash_cnt;
+				while ((p = strrchr(new_pat, '/')) != NULL && p != new_pat) {
+					filter_rule const *ent;
+					filter_rule *R_rule;
+					int found = 0;
+					*p = '\0';
+					for (ent = implied_filter_list.head; ent; ent = ent->next) {
+						if (ent != rule && strcmp(ent->pattern, new_pat) == 0) {
+							found = 1;
+							break;
+						}
+					}
+					if (found) {
+						*p = '/';
+						break; /* We added all parent dirs already */
+					}
+					R_rule = new0(filter_rule);
+					R_rule->rflags = FILTRULE_INCLUDE | FILTRULE_DIRECTORY;
+					/* Check if our sub-path has wildcards or escaped backslashes */
+					if (saw_wild && strpbrk(new_pat, "*[?\\"))
+						R_rule->rflags |= FILTRULE_WILD;
+					R_rule->pattern = strdup(new_pat);
+					R_rule->u.slash_cnt = --sub_slash_cnt;
+					R_rule->next = implied_filter_list.head;
+					implied_filter_list.head = R_rule;
+					if (DEBUG_GTE(FILTER, 3)) {
+						rprintf(FINFO, "[%s] add_implied_include(%s/)\n",
+							who_am_i(), R_rule->pattern);
+					}
+					if (saw_live_open_brkt)
+						maybe_add_literal_brackets_rule(R_rule, -1);
+				}
+				for (p = new_pat; sub_slash_cnt < slash_cnt; sub_slash_cnt++) {
+					p += strlen(p);
+					*p = '/';
+				}
+			}
+		}
+	}
+
+	if (recurse || xfer_dirs) {
+		/* Now create a rule with an added "/" & "**" or "*" at the end */
+		filter_rule *rule = new0(filter_rule);
+		rule->rflags = FILTRULE_INCLUDE | FILTRULE_WILD;
+		if (recurse)
+			rule->rflags |= FILTRULE_WILD2;
+		/* We must leave enough room for / * * \0. */
+		if (!saw_wild && backslash_cnt) {
+			/* We are appending a wildcard, so now the backslashes need to be escaped. */
+			p = rule->pattern = new_array(char, arg_len + backslash_cnt + 3 + 1);
+			for (cp = arg; *cp; ) { /* Note that arg_len != 0 because backslash_cnt > 0 */
+				if (*cp == '\\')
+					*p++ = '\\';
+				*p++ = *cp++;
+			}
+		} else {
+			p = rule->pattern = new_array(char, arg_len + 3 + 1);
+			if (arg_len) {
+				memcpy(p, arg, arg_len);
+				p += arg_len;
+			}
+		}
+		*p++ = '/';
+		*p++ = '*';
+		if (recurse)
+			*p++ = '*';
+		*p = '\0';
+		rule->u.slash_cnt = slash_cnt + 1;
+		rule->next = implied_filter_list.head;
+		implied_filter_list.head = rule;
+		if (DEBUG_GTE(FILTER, 3))
+			rprintf(FINFO, "[%s] add_implied_include(%s)\n", who_am_i(), rule->pattern);
+		if (saw_live_open_brkt)
+			maybe_add_literal_brackets_rule(rule, p - rule->pattern);
+	}
+}
+
 /* This frees any non-inherited items, leaving just inherited items on the list. */
 static void pop_filter_list(filter_rule_list *listp)
 {
@@ -439,7 +720,8 @@ static BOOL setup_merge_file(int mergelist_num, filter_rule *ex,
 	parent_dirscan = True;
 	while (*y) {
 		char save[MAXPATHLEN];
-		strlcpy(save, y, MAXPATHLEN);
+		/* copylen is strlen(y) which is < MAXPATHLEN. +1 for \0 */
+		size_t copylen = strlcpy(save, y, MAXPATHLEN) + 1;
 		*y = '\0';
 		dirbuf_len = y - dirbuf;
 		strlcpy(x, ex->pattern, MAXPATHLEN - (x - buf));
@@ -453,7 +735,7 @@ static BOOL setup_merge_file(int mergelist_num, filter_rule *ex,
 			lp->head = NULL;
 		}
 		lp->tail = NULL;
-		strlcpy(y, save, MAXPATHLEN);
+		strlcpy(y, save, copylen);
 		while ((*x++ = *y++) != '/') {}
 	}
 	parent_dirscan = False;
@@ -622,11 +904,11 @@ static int rule_matches(const char *fname, filter_rule *ex, int name_flags)
 {
 	int slash_handling, str_cnt = 0, anchored_match = 0;
 	int ret_match = ex->rflags & FILTRULE_NEGATE ? 0 : 1;
-	char *p, *pattern = ex->pattern;
+	const char *p, *pattern = ex->pattern;
 	const char *strings[16]; /* more than enough */
 	const char *name = fname + (*fname == '/');
 
-	if (!*name)
+	if (!*name || ex->elide == cur_elide_value)
 		return 0;
 
 	if (!(name_flags & NAME_IS_XATTR) ^ !(ex->rflags & FILTRULE_XATTR))
@@ -703,11 +985,12 @@ static void report_filter_result(enum logcode code, char const *name,
 				 filter_rule const *ent,
 				 int name_flags, const char *type)
 {
+	int log_level = am_sender || am_generator ? 1 : 3;
+
 	/* If a trailing slash is present to match only directories,
 	 * then it is stripped out by add_rule().  So as a special
-	 * case we add it back in here. */
-
-	if (DEBUG_GTE(FILTER, 1)) {
+	 * case we add it back in the log output. */
+	if (DEBUG_GTE(FILTER, log_level)) {
 		static char *actions[2][2]
 		    = { {"show", "hid"}, {"risk", "protect"} };
 		const char *w = who_am_i();
@@ -715,7 +998,7 @@ static void report_filter_result(enum logcode code, char const *name,
 			      : name_flags & NAME_IS_DIR ? "directory"
 			      : "file";
 		rprintf(code, "[%s] %sing %s %s because of pattern %s%s%s\n",
-		    w, actions[*w!='s'][!(ent->rflags & FILTRULE_INCLUDE)],
+		    w, actions[*w=='g'][!(ent->rflags & FILTRULE_INCLUDE)],
 		    t, name, ent->pattern,
 		    ent->rflags & FILTRULE_DIRECTORY ? "/" : "", type);
 	}
@@ -741,6 +1024,15 @@ int name_is_excluded(const char *fname, int name_flags, int filter_level)
 	return 0;
 }
 
+int check_server_filter(filter_rule_list *listp, enum logcode code, const char *name, int name_flags)
+{
+	int ret;
+	cur_elide_value = LOCAL_RULE;
+	ret = check_filter(listp, code, name, name_flags);
+	cur_elide_value = REMOTE_RULE;
+	return ret;
+}
+
 /* Return -1 if file "name" is defined to be excluded by the specified
  * exclude list, 1 if it is included, and 0 if it was not matched. */
 int check_filter(filter_rule_list *listp, enum logcode code,
@@ -887,6 +1179,7 @@ static filter_rule *parse_rule_tok(const char **rulestr_ptr,
 		}
 		switch (ch) {
 		case ':':
+			trust_sender_filter = 1;
 			rule->rflags |= FILTRULE_PERDIR_MERGE
 				      | FILTRULE_FINISH_SETUP;
 			/* FALL THROUGH */
@@ -1053,7 +1346,7 @@ static void get_cvs_excludes(uint32 rflags)
 		return;
 	initialized = 1;
 
-	parse_filter_str(&cvs_filter_list, DEFAULT_CVSIGNORE,
+	parse_filter_str(&cvs_filter_list, default_cvsignore(),
 			 rule_template(rflags | (protocol_version >= 30 ? FILTRULE_PERISHABLE : 0)),
 			 0);
 
@@ -1295,7 +1588,7 @@ char *get_rule_prefix(filter_rule *rule, const char *pat, int for_xfer,
 
 static void send_rules(int f_out, filter_rule_list *flp)
 {
-	filter_rule *ent, *prev = NULL;
+	filter_rule *ent;
 
 	for (ent = flp->head; ent; ent = ent->next) {
 		unsigned int len, plen, dlen;
@@ -1310,21 +1603,15 @@ static void send_rules(int f_out, filter_rule_list *flp)
 		 * merge files as an optimization (since they can only have
 		 * include/exclude rules). */
 		if (ent->rflags & FILTRULE_SENDER_SIDE)
-			elide = am_sender ? 1 : -1;
+			elide = am_sender ? LOCAL_RULE : REMOTE_RULE;
 		if (ent->rflags & FILTRULE_RECEIVER_SIDE)
-			elide = elide ? 0 : am_sender ? -1 : 1;
+			elide = elide ? 0 : am_sender ? REMOTE_RULE : LOCAL_RULE;
 		else if (delete_excluded && !elide
 		 && (!(ent->rflags & FILTRULE_PERDIR_MERGE)
 		  || ent->rflags & FILTRULE_NO_PREFIXES))
-			elide = am_sender ? 1 : -1;
-		if (elide < 0) {
-			if (prev)
-				prev->next = ent->next;
-			else
-				flp->head = ent->next;
-		} else
-			prev = ent;
-		if (elide > 0)
+			elide = am_sender ? LOCAL_RULE : REMOTE_RULE;
+		ent->elide = elide;
+		if (elide == LOCAL_RULE)
 			continue;
 		if (ent->rflags & FILTRULE_CVS_IGNORE
 		    && !(ent->rflags & FILTRULE_MERGE_FILE)) {
@@ -1352,7 +1639,6 @@ static void send_rules(int f_out, filter_rule_list *flp)
 		if (dlen)
 			write_byte(f_out, '/');
 	}
-	flp->tail = prev;
 }
 
 /* This is only called by the client. */

fileio.c

@@ -3,7 +3,7 @@
  *
  * Copyright (C) 1998 Andrew Tridgell
  * Copyright (C) 2002 Martin Pool
- * Copyright (C) 2004-2020 Wayne Davison
+ * Copyright (C) 2004-2023 Wayne Davison
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by
@@ -40,30 +40,34 @@ OFF_T preallocated_len = 0;
 static OFF_T sparse_seek = 0;
 static OFF_T sparse_past_write = 0;
 
-int sparse_end(int f, OFF_T size)
+int sparse_end(int f, OFF_T size, int updating_basis_or_equiv)
 {
-	int ret;
+	int ret = 0;
 
-	sparse_past_write = 0;
-
-	if (!sparse_seek)
-		return 0;
-
-#ifdef HAVE_FTRUNCATE
-	ret = do_ftruncate(f, size);
-#else
-	if (do_lseek(f, sparse_seek-1, SEEK_CUR) != size-1)
-		ret = -1;
-	else {
-		do {
-			ret = write(f, "", 1);
-		} while (ret < 0 && errno == EINTR);
-
-		ret = ret <= 0 ? -1 : 0;
-	}
+	if (updating_basis_or_equiv) {
+		if (sparse_seek && do_punch_hole(f, sparse_past_write, sparse_seek) < 0)
+			ret = -1;
+#ifdef HAVE_FTRUNCATE /* A compilation formality -- in-place requires ftruncate() */
+		else /* Just in case the original file was longer */
+			ret = do_ftruncate(f, size);
 #endif
+	} else if (sparse_seek) {
+#ifdef HAVE_FTRUNCATE
+		ret = do_ftruncate(f, size);
+#else
+		if (do_lseek(f, sparse_seek-1, SEEK_CUR) != size-1)
+			ret = -1;
+		else {
+			do {
+				ret = write(f, "", 1);
+			} while (ret < 0 && errno == EINTR);
 
-	sparse_seek = 0;
+			ret = ret <= 0 ? -1 : 0;
+		}
+#endif
+	}
+
+	sparse_past_write = sparse_seek = 0;
 
 	return ret;
 }

flist.c

@@ -4,7 +4,7 @@
  * Copyright (C) 1996 Andrew Tridgell
  * Copyright (C) 1996 Paul Mackerras
  * Copyright (C) 2001, 2002 Martin Pool <mbp@samba.org>
- * Copyright (C) 2002-2020 Wayne Davison
+ * Copyright (C) 2002-2023 Wayne Davison
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by
@@ -33,7 +33,6 @@ extern int am_sender;
 extern int am_generator;
 extern int inc_recurse;
 extern int always_checksum;
-extern int checksum_type;
 extern int module_id;
 extern int ignore_errors;
 extern int numeric_ids;
@@ -43,6 +42,7 @@ extern int use_qsort;
 extern int xfer_dirs;
 extern int filesfrom_fd;
 extern int one_file_system;
+extern int copy_devices;
 extern int copy_dirlinks;
 extern int preserve_uid;
 extern int preserve_gid;
@@ -56,6 +56,7 @@ extern int delete_during;
 extern int missing_args;
 extern int eol_nulls;
 extern int atimes_ndx;
+extern int crtimes_ndx;
 extern int relative_paths;
 extern int implied_dirs;
 extern int ignore_perishable;
@@ -71,18 +72,20 @@ extern int need_unsorted_flist;
 extern int sender_symlink_iconv;
 extern int output_needs_newline;
 extern int sender_keeps_checksum;
+extern int trust_sender_filter;
 extern int unsort_ndx;
 extern uid_t our_uid;
 extern struct stats stats;
 extern char *filesfrom_host;
 extern char *usermap, *groupmap;
 
+extern struct name_num_item *file_sum_nni;
+
 extern char curr_dir[MAXPATHLEN];
 
 extern struct chmod_mode_struct *chmod_modes;
 
-extern filter_rule_list filter_list;
-extern filter_rule_list daemon_filter_list;
+extern filter_rule_list filter_list, implied_filter_list, daemon_filter_list;
 
 #ifdef ICONV_OPTION
 extern int filesfrom_convert;
@@ -129,10 +132,23 @@ static int64 tmp_dev = -1, tmp_ino;
 #endif
 static char tmp_sum[MAX_DIGEST_LEN];
 
+#ifdef ST_MTIME_NSEC
+/* Return st_mtim nsec if it is in the wire-valid range, else 0. */
+static inline uint32 wire_mtime_nsec_from_stat(const STRUCT_STAT *stp)
+{
+	unsigned long nsec = (unsigned long)stp->ST_MTIME_NSEC;
+
+	if (nsec > MAX_WIRE_NSEC)
+		return 0;
+	return (uint32)nsec;
+}
+#endif
+
 static char empty_sum[MAX_DIGEST_LEN];
 static int flist_count_offset; /* for --delete --progress */
 static int show_filelist_progress;
 
+static struct file_list *flist_new(int flags, const char *msg);
 static void flist_sort_and_clean(struct file_list *flist, int strip_root);
 static void output_flist(struct file_list *flist);
 
@@ -142,7 +158,8 @@ void init_flist(void)
 		rprintf(FINFO, "FILE_STRUCT_LEN=%d, EXTRA_LEN=%d\n",
 			(int)FILE_STRUCT_LEN, (int)EXTRA_LEN);
 	}
-	flist_csum_len = csum_len_for_type(checksum_type, 1);
+	/* Note that this isn't identical to file_sum_len in the case of CSUM_MD4_ARCHAIC: */
+	flist_csum_len = csum_len_for_type(file_sum_nni->num, 1);
 
 	show_filelist_progress = INFO_GTE(FLIST, 1) && xfer_dirs && !am_server && !inc_recurse;
 }
@@ -293,6 +310,8 @@ static void flist_expand(struct file_list *flist, int extra)
 		flist->malloced = FLIST_START;
 	else if (flist->malloced >= FLIST_LINEAR)
 		flist->malloced += FLIST_LINEAR;
+	else if (flist->malloced < FLIST_START_LARGE/16)
+		flist->malloced *= 4;
 	else
 		flist->malloced *= 2;
 
@@ -303,7 +322,7 @@ static void flist_expand(struct file_list *flist, int extra)
 
 	new_ptr = realloc_array(flist->files, struct file_struct *, flist->malloced);
 
-	if (DEBUG_GTE(FLIST, 1) && flist->malloced != FLIST_START) {
+	if (DEBUG_GTE(FLIST, 1) && flist->files) {
 		rprintf(FCLIENT, "[%s] expand file_list pointer array to %s bytes, did%s move\n",
 		    who_am_i(),
 		    big_num(sizeof flist->files[0] * flist->malloced),
@@ -377,6 +396,9 @@ static void send_file_entry(int f, const char *fname, struct file_struct *file,
 			    int ndx, int first_ndx)
 {
 	static time_t modtime, atime;
+#ifdef SUPPORT_CRTIMES
+	static time_t crtime;
+#endif
 	static mode_t mode;
 #ifdef SUPPORT_HARD_LINKS
 	static int64 dev;
@@ -443,7 +465,7 @@ static void send_file_entry(int f, const char *fname, struct file_struct *file,
 		if (protocol_version < 28)
 			xflags |= XMIT_SAME_RDEV_pre28;
 		else {
-			rdev = MAKEDEV(major(rdev), 0);
+			rdev = MAKEDEV(rdev_major, 0);
 			xflags |= XMIT_SAME_RDEV_MAJOR;
 			if (protocol_version < 30)
 				xflags |= XMIT_RDEV_MINOR_8_pre30;
@@ -482,6 +504,13 @@ static void send_file_entry(int f, const char *fname, struct file_struct *file,
 		else
 			atime = F_ATIME(file);
 	}
+#ifdef SUPPORT_CRTIMES
+	if (crtimes_ndx) {
+		crtime = F_CRTIME(file);
+		if (crtime == modtime)
+			xflags |= XMIT_CRTIME_EQ_MTIME;
+	}
+#endif
 
 #ifdef SUPPORT_HARD_LINKS
 	if (tmp_dev != -1) {
@@ -569,6 +598,10 @@ static void send_file_entry(int f, const char *fname, struct file_struct *file,
 	}
 	if (xflags & XMIT_MOD_NSEC)
 		write_varint(f, F_MOD_NSEC(file));
+#ifdef SUPPORT_CRTIMES
+	if (crtimes_ndx && !(xflags & XMIT_CRTIME_EQ_MTIME))
+		write_varlong(f, crtime, 4);
+#endif
 	if (!(xflags & XMIT_SAME_MODE))
 		write_int(f, to_wire_mode(mode));
 	if (atimes_ndx && !S_ISDIR(mode) && !(xflags & XMIT_SAME_ATIME))
@@ -661,6 +694,9 @@ static void send_file_entry(int f, const char *fname, struct file_struct *file,
 static struct file_struct *recv_file_entry(int f, struct file_list *flist, int xflags)
 {
 	static int64 modtime, atime;
+#ifdef SUPPORT_CRTIMES
+	static time_t crtime;
+#endif
 	static mode_t mode;
 #ifdef SUPPORT_HARD_LINKS
 	static int64 dev;
@@ -679,8 +715,11 @@ static struct file_struct *recv_file_entry(int f, struct file_list *flist, int x
 	int alloc_len, basename_len, linkname_len;
 	int extra_len = file_extra_cnt * EXTRA_LEN;
 	int first_hlink_ndx = -1;
+	char real_ISREG_entry;
 	int64 file_length;
+#ifdef CAN_SET_NSEC
 	uint32 modtime_nsec;
+#endif
 	const char *basename;
 	struct file_struct *file;
 	alloc_pool_t *pool;
@@ -729,7 +768,7 @@ static struct file_struct *recv_file_entry(int f, struct file_list *flist, int x
 	if (*thisname
 	 && (clean_fname(thisname, CFN_REFUSE_DOT_DOT_DIRS) < 0 || (!relative_paths && *thisname == '/'))) {
 		rprintf(FERROR, "ABORTING due to unsafe pathname from sender: %s\n", thisname);
-		exit_cleanup(RERR_PROTOCOL);
+		exit_cleanup(RERR_UNSUPPORTED);
 	}
 
 	if (sanitize_paths)
@@ -767,23 +806,31 @@ static struct file_struct *recv_file_entry(int f, struct file_list *flist, int x
 			struct file_struct *first = flist->files[first_hlink_ndx - flist->ndx_start];
 			file_length = F_LENGTH(first);
 			modtime = first->modtime;
+#ifdef CAN_SET_NSEC
 			modtime_nsec = F_MOD_NSEC_or_0(first);
+#endif
 			mode = first->mode;
 			if (atimes_ndx && !S_ISDIR(mode))
 				atime = F_ATIME(first);
+#ifdef SUPPORT_CRTIMES
+			if (crtimes_ndx)
+				crtime = F_CRTIME(first);
+#endif
 			if (preserve_uid)
 				uid = F_OWNER(first);
 			if (preserve_gid)
 				gid = F_GROUP(first);
 			if (preserve_devices && IS_DEVICE(mode)) {
 				uint32 *devp = F_RDEV_P(first);
-				rdev = MAKEDEV(DEV_MAJOR(devp), DEV_MINOR(devp));
+				rdev_major = DEV_MAJOR(devp);
+				rdev = MAKEDEV(rdev_major, DEV_MINOR(devp));
 				extra_len += DEV_EXTRA_CNT * EXTRA_LEN;
 			}
 			if (preserve_links && S_ISLNK(mode))
 				linkname_len = strlen(F_SYMLINK(first)) + 1;
 			else
 				linkname_len = 0;
+			real_ISREG_entry = S_ISREG(mode) ? 1 : 0;
 			goto create_object;
 		}
 	}
@@ -801,14 +848,49 @@ static struct file_struct *recv_file_entry(int f, struct file_list *flist, int x
 			}
 #endif
 		} else
-			modtime = read_int(f);
+			modtime = read_uint(f);
 	}
 	if (xflags & XMIT_MOD_NSEC)
-		modtime_nsec = read_varint(f);
+#ifndef CAN_SET_NSEC
+		(void)read_varint_bounded(f, 0, MAX_WIRE_NSEC, "modtime_nsec");
+#else
+		modtime_nsec = read_varint_bounded(f, 0, MAX_WIRE_NSEC, "modtime_nsec");
 	else
 		modtime_nsec = 0;
-	if (!(xflags & XMIT_SAME_MODE))
+#endif
+#ifdef SUPPORT_CRTIMES
+	if (crtimes_ndx) {
+		if (xflags & XMIT_CRTIME_EQ_MTIME)
+			crtime = modtime;
+		else
+			crtime = read_varlong(f, 4);
+#if SIZEOF_TIME_T < SIZEOF_INT64
+		if (!am_generator && (int64)(time_t)crtime != crtime) {
+			rprintf(FERROR_XFER,
+				"Create time value of %s truncated on receiver.\n",
+				lastname);
+		}
+#endif
+	}
+#endif
+	if (!(xflags & XMIT_SAME_MODE)) {
 		mode = from_wire_mode(read_int(f));
+		/* Reject modes whose type bits are not one of the standard
+		 * file types; otherwise garbage mode values propagate through
+		 * the file-type checks below unpredictably.  mode 0 is the one
+		 * legitimate exception: --delete-missing-args (missing_args==2)
+		 * sends a missing arg as a mode-0 entry (IS_MISSING_FILE), the
+		 * generator's delete signal (#910). */
+		if (mode != 0 || missing_args != 2) {
+		    if (!S_ISREG(mode) && !S_ISDIR(mode) && !S_ISLNK(mode)
+		     && !S_ISCHR(mode) && !S_ISBLK(mode)
+		     && !S_ISFIFO(mode) && !S_ISSOCK(mode)) {
+			rprintf(FERROR, "invalid file mode 0%o for %s [%s]\n",
+				(unsigned)mode, lastname, who_am_i());
+			exit_cleanup(RERR_PROTOCOL);
+		    }
+		}
+	}
 	if (atimes_ndx && !S_ISDIR(mode) && !(xflags & XMIT_SAME_ATIME)) {
 		atime = read_varlong(f, 4);
 #if SIZEOF_TIME_T < SIZEOF_INT64
@@ -892,10 +974,20 @@ static struct file_struct *recv_file_entry(int f, struct file_list *flist, int x
 #endif
 		linkname_len = 0;
 
+	if (copy_devices && IS_DEVICE(mode)) {
+		/* This is impossible in the official release, but some pre-release patches
+		 * didn't convert the device into a file before sending, so we'll do it here
+		 * (even though the length is typically 0 and any checksum data is zeros). */
+		mode = S_IFREG | (mode & ACCESSPERMS);
+		modtime = time(NULL); /* The mtime on the device is not up-to-date, so set it to "now". */
+		real_ISREG_entry = 0;
+	} else
+		real_ISREG_entry = S_ISREG(mode) ? 1 : 0;
+
 #ifdef SUPPORT_HARD_LINKS
   create_object:
 	if (preserve_hard_links) {
-		if (protocol_version < 28 && S_ISREG(mode))
+		if (protocol_version < 28 && real_ISREG_entry)
 			xflags |= XMIT_HLINKED;
 		if (xflags & XMIT_HLINKED)
 			extra_len += (inc_recurse+1) * EXTRA_LEN;
@@ -924,6 +1016,19 @@ static struct file_struct *recv_file_entry(int f, struct file_list *flist, int x
 		exit_cleanup(RERR_UNSUPPORTED);
 	}
 
+	if (*thisname == '/' ? thisname[1] != '.' || thisname[2] != '\0' : *thisname != '.' || thisname[1] != '\0') {
+		int filt_flags = S_ISDIR(mode) ? NAME_IS_DIR : NAME_IS_FILE;
+		if (!trust_sender_filter /* a per-dir filter rule means we must trust the sender's filtering */
+		 && filter_list.head && check_server_filter(&filter_list, FINFO, thisname, filt_flags) < 0) {
+			rprintf(FERROR, "ERROR: rejecting excluded file-list name: %s\n", thisname);
+			exit_cleanup(RERR_UNSUPPORTED);
+		}
+		if (implied_filter_list.head && check_filter(&implied_filter_list, FINFO, thisname, filt_flags) <= 0) {
+			rprintf(FERROR, "ERROR: rejecting unrequested file-list name: %s\n", thisname);
+			exit_cleanup(RERR_UNSUPPORTED);
+		}
+	}
+
 	if (inc_recurse && S_ISDIR(mode)) {
 		if (one_file_system) {
 			/* Room to save the dir's device for -x */
@@ -988,6 +1093,10 @@ static struct file_struct *recv_file_entry(int f, struct file_list *flist, int x
 	}
 	if (atimes_ndx && !S_ISDIR(mode))
 		F_ATIME(file) = atime;
+#ifdef SUPPORT_CRTIMES
+	if (crtimes_ndx)
+		F_CRTIME(file) = crtime;
+#endif
 	if (unsort_ndx)
 		F_NDX(file) = flist->used + flist->ndx_start;
 
@@ -1107,8 +1216,8 @@ static struct file_struct *recv_file_entry(int f, struct file_list *flist, int x
 	}
 #endif
 
-	if (always_checksum && (S_ISREG(mode) || protocol_version < 28)) {
-		if (S_ISREG(mode))
+	if (always_checksum && (real_ISREG_entry || protocol_version < 28)) {
+		if (real_ISREG_entry)
 			bp = F_SUM(file);
 		else {
 			/* Prior to 28, we get a useless set of nulls. */
@@ -1158,7 +1267,7 @@ struct file_struct *make_file(const char *fname, struct file_list *flist,
 	int extra_len = file_extra_cnt * EXTRA_LEN;
 	const char *basename;
 	alloc_pool_t *pool;
-	STRUCT_STAT st;
+	STRUCT_STAT st = {0};
 	char *bp;
 
 	if (strlcpy(thisname, fname, sizeof thisname) >= sizeof thisname) {
@@ -1307,9 +1416,25 @@ struct file_struct *make_file(const char *fname, struct file_list *flist,
 	linkname_len = 0;
 #endif
 
+	if (copy_devices && am_sender && IS_DEVICE(st.st_mode)) {
+		if (st.st_size == 0) {
+			int fd = do_open_checklinks(fname);
+			if (fd >= 0) {
+				st.st_size = get_device_size(fd, fname);
+				close(fd);
+			}
+		}
+		st.st_mode = S_IFREG | (st.st_mode & ACCESSPERMS);
+		st.st_mtime = time(NULL); /* The mtime on the device is not up-to-date, so set it to "now". */
+	}
+
 #ifdef ST_MTIME_NSEC
-	if (st.ST_MTIME_NSEC && protocol_version >= 31)
-		extra_len += EXTRA_LEN;
+	{
+		uint32 nsec = wire_mtime_nsec_from_stat(&st);
+
+		if (nsec && protocol_version >= 31)
+			extra_len += EXTRA_LEN;
+	}
 #endif
 #if SIZEOF_CAPITAL_OFF_T >= 8
 	if (st.st_size > 0xFFFFFFFFu && S_ISREG(st.st_mode))
@@ -1364,9 +1489,13 @@ struct file_struct *make_file(const char *fname, struct file_list *flist,
 	file->flags = flags;
 	file->modtime = st.st_mtime;
 #ifdef ST_MTIME_NSEC
-	if (st.ST_MTIME_NSEC && protocol_version >= 31) {
-		file->flags |= FLAG_MOD_NSEC;
-		F_MOD_NSEC(file) = st.ST_MTIME_NSEC;
+	{
+		uint32 nsec = wire_mtime_nsec_from_stat(&st);
+
+		if (nsec && protocol_version >= 31) {
+			file->flags |= FLAG_MOD_NSEC;
+			F_MOD_NSEC(file) = nsec;
+		}
 	}
 #endif
 	file->len32 = (uint32)st.st_size;
@@ -1385,6 +1514,10 @@ struct file_struct *make_file(const char *fname, struct file_list *flist,
 		file->flags |= FLAG_OWNED_BY_US;
 	if (atimes_ndx && !S_ISDIR(file->mode))
 		F_ATIME(file) = st.st_atime;
+#ifdef SUPPORT_CRTIMES
+	if (crtimes_ndx)
+		F_CRTIME(file) = get_create_time(fname, &st);
+#endif
 
 	if (basename != thisname)
 		file->dirname = lastdir;
@@ -1892,7 +2025,7 @@ static void send_implied_dirs(int f, struct file_list *flist, char *fname,
 		memcpy(F_DIR_RELNAMES_P(lastpath_struct), &relname_list, sizeof relname_list);
 	}
 	rnpp = EXPAND_ITEM_LIST(relname_list, relnamecache *, 32);
-	*rnpp = (relnamecache*)new_array(char, sizeof (relnamecache) + len);
+	*rnpp = (relnamecache*)new_array(char, RELNAMECACHE_LEN + len + 1);
 	(*rnpp)->name_type = name_type;
 	strlcpy((*rnpp)->fname, limit+1, len + 1);
 
@@ -1962,10 +2095,9 @@ static void send1extra(int f, struct file_struct *file, struct file_list *flist)
 		}
 
 		if (name_type != NORMAL_NAME) {
-			STRUCT_STAT st;
-			if (name_type == MISSING_NAME)
-				memset(&st, 0, sizeof st);
-			else if (link_stat(fbuf, &st, 1) != 0) {
+			STRUCT_STAT st = {0};
+
+			if (name_type != MISSING_NAME && link_stat(fbuf, &st, 1) != 0) {
 				interpret_stat_error(fbuf, True);
 				continue;
 			}
@@ -2051,8 +2183,7 @@ void send_extra_file_list(int f, int at_least)
 
 		if (need_unsorted_flist) {
 			flist->sorted = new_array(struct file_struct *, flist->used);
-			memcpy(flist->sorted, flist->files,
-			       flist->used * sizeof (struct file_struct*));
+			memcpy(flist->sorted, flist->files, flist->used * PTR_SIZE);
 		} else
 			flist->sorted = flist->files;
 
@@ -2098,7 +2229,7 @@ struct file_list *send_file_list(int f, int argc, char *argv[])
 	static const char *lastdir;
 	static int lastdir_len = -1;
 	int len, dirlen;
-	STRUCT_STAT st;
+	STRUCT_STAT st = {0};
 	char *p, *dir;
 	struct file_list *flist;
 	struct timeval start_tv, end_tv;
@@ -2132,8 +2263,10 @@ struct file_list *send_file_list(int f, int argc, char *argv[])
 #endif
 
 	flist = cur_flist = flist_new(0, "send_file_list");
+	flist_expand(flist, FLIST_START_LARGE);
 	if (inc_recurse) {
 		dir_flist = flist_new(FLIST_TEMP, "send_file_list");
+		flist_expand(dir_flist, FLIST_START_LARGE);
 		flags |= FLAG_DIVERT_DIRS;
 	} else
 		dir_flist = cur_flist;
@@ -2269,7 +2402,7 @@ struct file_list *send_file_list(int f, int argc, char *argv[])
 		}
 
 		dirlen = dir ? strlen(dir) : 0;
-		if (dirlen != lastdir_len || memcmp(lastdir, dir, dirlen) != 0) {
+		if (dirlen != lastdir_len || (dirlen && memcmp(lastdir, dir, dirlen) != 0)) {
 			if (!change_pathname(NULL, dir, -dirlen))
 				goto bad_path;
 			lastdir = pathname;
@@ -2405,8 +2538,7 @@ struct file_list *send_file_list(int f, int argc, char *argv[])
 	 * send them together in a single file-list. */
 	if (need_unsorted_flist) {
 		flist->sorted = new_array(struct file_struct *, flist->used);
-		memcpy(flist->sorted, flist->files,
-		       flist->used * sizeof (struct file_struct*));
+		memcpy(flist->sorted, flist->files, flist->used * PTR_SIZE);
 	} else
 		flist->sorted = flist->files;
 	flist_sort_and_clean(flist, 0);
@@ -2414,7 +2546,7 @@ struct file_list *send_file_list(int f, int argc, char *argv[])
 	file_old_total += flist->used;
 
 	if (numeric_ids <= 0 && !inc_recurse)
-		send_id_list(f);
+		send_id_lists(f);
 
 	/* send the io_error flag */
 	if (protocol_version < 30)
@@ -2487,11 +2619,27 @@ struct file_list *recv_file_list(int f, int dir_ndx)
 		init_hard_links();
 #endif
 
+	if (inc_recurse && dir_ndx >= 0) {
+		if (dir_ndx >= dir_flist->used) {
+			rprintf(FERROR_XFER, "rsync: refusing invalid dir_ndx %u >= %u\n", dir_ndx, dir_flist->used);
+			exit_cleanup(RERR_PROTOCOL);
+		}
+		struct file_struct *file = dir_flist->files[dir_ndx];
+		if (file->flags & FLAG_GOT_DIR_FLIST) {
+			rprintf(FERROR_XFER, "rsync: refusing malicious duplicate flist for dir %d\n", dir_ndx);
+			exit_cleanup(RERR_PROTOCOL);
+		}
+		file->flags |= FLAG_GOT_DIR_FLIST;
+	}
+
 	flist = flist_new(0, "recv_file_list");
+	flist_expand(flist, FLIST_START_LARGE);
 
 	if (inc_recurse) {
-		if (flist->ndx_start == 1)
+		if (flist->ndx_start == 1) {
 			dir_flist = flist_new(FLIST_TEMP, "recv_file_list");
+			flist_expand(dir_flist, FLIST_START_LARGE);
+		}
 		dstart = dir_flist->used;
 	} else {
 		dir_flist = flist;
@@ -2542,7 +2690,7 @@ struct file_list *recv_file_list(int f, int dir_ndx)
 					rprintf(FERROR,
 						"ABORTING due to invalid path from sender: %s/%s\n",
 						cur_dir, file->basename);
-					exit_cleanup(RERR_PROTOCOL);
+					exit_cleanup(RERR_UNSUPPORTED);
 				}
 				good_dirname = cur_dir;
 			}
@@ -2559,7 +2707,7 @@ struct file_list *recv_file_list(int f, int dir_ndx)
 		} else if (S_ISLNK(file->mode))
 			stats.num_symlinks++;
 		else if (IS_DEVICE(file->mode))
-			stats.num_symlinks++;
+			stats.num_devices++;
 		else
 			stats.num_specials++;
 
@@ -2587,8 +2735,7 @@ struct file_list *recv_file_list(int f, int dir_ndx)
 		 * list unsorted for our exchange of index numbers with the
 		 * other side (since their names may not sort the same). */
 		flist->sorted = new_array(struct file_struct *, flist->used);
-		memcpy(flist->sorted, flist->files,
-		       flist->used * sizeof (struct file_struct*));
+		memcpy(flist->sorted, flist->files, flist->used * PTR_SIZE);
 		if (inc_recurse && dir_flist->used > dstart) {
 			static int dir_flist_malloced = 0;
 			if (dir_flist_malloced < dir_flist->malloced) {
@@ -2598,7 +2745,7 @@ struct file_list *recv_file_list(int f, int dir_ndx)
 				dir_flist_malloced = dir_flist->malloced;
 			}
 			memcpy(dir_flist->sorted + dstart, dir_flist->files + dstart,
-			       (dir_flist->used - dstart) * sizeof (struct file_struct*));
+			       (dir_flist->used - dstart) * PTR_SIZE);
 			fsort(dir_flist->sorted + dstart, dir_flist->used - dstart);
 		}
 	} else {
@@ -2730,28 +2877,28 @@ int flist_find(struct file_list *flist, struct file_struct *f)
  * 1=match directories, 0=match non-directories, or -1=match either. */
 int flist_find_name(struct file_list *flist, const char *fname, int want_dir_match)
 {
-	struct { /* We have to create a temporary file_struct for the search. */
-		struct file_struct f;
-		char name_space[MAXPATHLEN];
-	} t;
+	static struct file_struct *f;
 	char fbuf[MAXPATHLEN];
 	const char *slash = strrchr(fname, '/');
 	const char *basename = slash ? slash+1 : fname;
 
-	memset(&t.f, 0, FILE_STRUCT_LEN);
-	memcpy((void *)t.f.basename, basename, strlen(basename)+1);
+	if (!f)
+		f = (struct file_struct*)new_array(char, FILE_STRUCT_LEN + MAXPATHLEN + 1);
+
+	memset(f, 0, FILE_STRUCT_LEN);
+	memcpy((void*)f->basename, basename, strlen(basename)+1);
 
 	if (slash) {
 		strlcpy(fbuf, fname, slash - fname + 1);
-		t.f.dirname = fbuf;
+		f->dirname = fbuf;
 	} else
-		t.f.dirname = NULL;
+		f->dirname = NULL;
 
-	t.f.mode = want_dir_match > 0 ? S_IFDIR : S_IFREG;
+	f->mode = want_dir_match > 0 ? S_IFDIR : S_IFREG;
 
 	if (want_dir_match < 0)
-		return flist_find_ignore_dirness(flist, &t.f);
-	return flist_find(flist, &t.f);
+		return flist_find_ignore_dirness(flist, f);
+	return flist_find(flist, f);
 }
 
 /* Search for an identically-named item in the file list.  Differs from
@@ -2792,25 +2939,20 @@ void clear_file(struct file_struct *file)
 }
 
 /* Allocate a new file list. */
-struct file_list *flist_new(int flags, char *msg)
+static struct file_list *flist_new(int flags, const char *msg)
 {
 	struct file_list *flist;
 
 	flist = new0(struct file_list);
 
 	if (flags & FLIST_TEMP) {
-		if (!(flist->file_pool = pool_create(SMALL_EXTENT, 0,
-						     out_of_memory,
-						     POOL_INTERN)))
+		if (!(flist->file_pool = pool_create(SMALL_EXTENT, 0, _out_of_memory, POOL_INTERN)))
 			out_of_memory(msg);
 	} else {
 		/* This is a doubly linked list with prev looping back to
 		 * the end of the list, but the last next pointer is NULL. */
 		if (!first_flist) {
-			flist->file_pool = pool_create(NORMAL_EXTENT, 0,
-						       out_of_memory,
-						       POOL_INTERN);
-			if (!flist->file_pool)
+			if (!(flist->file_pool = pool_create(NORMAL_EXTENT, 0, _out_of_memory, POOL_INTERN)))
 				out_of_memory(msg);
 
 			flist->ndx_start = flist->flist_num = inc_recurse ? 1 : 0;
@@ -3060,8 +3202,8 @@ static void output_flist(struct file_list *flist)
 		} else
 			*uidbuf = '\0';
 		if (gid_ndx) {
-			static char parens[] = "(\0)\0\0\0";
-			char *pp = parens + (file->flags & FLAG_SKIP_GROUP ? 0 : 3);
+			static const char parens[] = "(\0)\0\0\0";
+			const char *pp = parens + (file->flags & FLAG_SKIP_GROUP ? 0 : 3);
 			snprintf(gidbuf, sizeof gidbuf, " gid=%s%u%s",
 				 pp, F_GROUP(file), pp + 2);
 		} else

generator.c

@@ -4,7 +4,7 @@
  * Copyright (C) 1996-2000 Andrew Tridgell
  * Copyright (C) 1996 Paul Mackerras
  * Copyright (C) 2002 Martin Pool <mbp@samba.org>
- * Copyright (C) 2003-2020 Wayne Davison
+ * Copyright (C) 2003-2023 Wayne Davison
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by
@@ -35,16 +35,18 @@ extern int inc_recurse;
 extern int relative_paths;
 extern int implied_dirs;
 extern int keep_dirlinks;
+extern int write_devices;
 extern int preserve_acls;
 extern int preserve_xattrs;
 extern int preserve_links;
 extern int preserve_devices;
-extern int write_devices;
 extern int preserve_specials;
 extern int preserve_hard_links;
 extern int preserve_executability;
 extern int preserve_perms;
-extern int preserve_times;
+extern int preserve_mtimes;
+extern int omit_dir_times;
+extern int omit_link_times;
 extern int delete_mode;
 extern int delete_before;
 extern int delete_during;
@@ -64,6 +66,7 @@ extern int inplace;
 extern int append_mode;
 extern int make_backups;
 extern int csum_length;
+extern int xfer_sum_len;
 extern int ignore_times;
 extern int size_only;
 extern OFF_T max_size;
@@ -84,7 +87,7 @@ extern int list_only;
 extern int read_batch;
 extern int write_batch;
 extern int safe_symlinks;
-extern long block_size; /* "long" because popt can't set an int32. */
+extern int32 block_size;
 extern int unsort_ndx;
 extern int max_delete;
 extern int force_delete;
@@ -112,10 +115,6 @@ static int need_retouch_dir_times;
 static int need_retouch_dir_perms;
 static const char *solo_file = NULL;
 
-enum nonregtype {
-	TYPE_DIR, TYPE_SPECIAL, TYPE_DEVICE, TYPE_SYMLINK
-};
-
 /* Forward declarations. */
 #ifdef SUPPORT_HARD_LINKS
 static void handle_skipped_hlink(struct file_struct *file, int itemizing,
@@ -186,7 +185,8 @@ static int remember_delete(struct file_struct *file, const char *fname, int flag
 static int read_delay_line(char *buf, int *flags_p)
 {
 	static int read_pos = 0;
-	int j, len, mode;
+	unsigned int mode;
+	int j, len;
 	char *bp, *past_space;
 
 	while (1) {
@@ -230,11 +230,13 @@ static int read_delay_line(char *buf, int *flags_p)
 		*flags_p = 0;
 
 	if (sscanf(bp, "%x ", &mode) != 1) {
-	  invalid_data:
-		rprintf(FERROR, "ERROR: invalid data in delete-delay file.\n");
-		return -1;
+		goto invalid_data;
 	}
-	past_space = strchr(bp, ' ') + 1;
+	past_space = strchr(bp, ' ');
+	if (!past_space) {
+		goto invalid_data;
+	}
+	past_space++;
 	len = j - read_pos - (past_space - bp) + 1; /* count the '\0' */
 	read_pos = j + 1;
 
@@ -248,6 +250,10 @@ static int read_delay_line(char *buf, int *flags_p)
 	memcpy(buf, past_space, len);
 
 	return mode;
+
+invalid_data:
+	rprintf(FERROR, "ERROR: invalid data in delete-delay file.\n");
+	return -1;
 }
 
 static void do_delayed_deletions(char *delbuf)
@@ -270,7 +276,7 @@ static void do_delayed_deletions(char *delbuf)
  * MAXPATHLEN buffer with the name of the directory in it (the functions we
  * call will append names onto the end, but the old dir value will be restored
  * on exit). */
-static void delete_in_dir(char *fbuf, struct file_struct *file, dev_t *fs_dev)
+static void delete_in_dir(char *fbuf, struct file_struct *file, dev_t fs_dev)
 {
 	static int already_warned = 0;
 	static struct hashtable *dev_tbl;
@@ -305,12 +311,12 @@ static void delete_in_dir(char *fbuf, struct file_struct *file, dev_t *fs_dev)
 		if (!dev_tbl)
 			dev_tbl = hashtable_create(16, HT_KEY64);
 		if (file->flags & FLAG_TOP_DIR) {
-			hashtable_find(dev_tbl, *fs_dev+1, "");
-			filesystem_dev = *fs_dev;
-		} else if (filesystem_dev != *fs_dev) {
-			if (!hashtable_find(dev_tbl, *fs_dev+1, NULL))
+			hashtable_find(dev_tbl, fs_dev+1, "");
+			filesystem_dev = fs_dev;
+		} else if (filesystem_dev != fs_dev) {
+			if (!hashtable_find(dev_tbl, fs_dev+1, NULL))
 				return;
-			filesystem_dev = *fs_dev; /* it's a prior top-dir dev */
+			filesystem_dev = fs_dev; /* it's a prior top-dir dev */
 		}
 	}
 
@@ -379,9 +385,9 @@ static void do_delete_pass(void)
 		 || !S_ISDIR(st.st_mode))
 			continue;
 
-		delete_in_dir(fbuf, file, &st.st_dev);
+		delete_in_dir(fbuf, file, st.st_dev);
 	}
-	delete_in_dir(NULL, NULL, &dev_zero);
+	delete_in_dir(NULL, NULL, dev_zero);
 
 	if (INFO_GTE(FLIST, 2) && !am_server)
 		rprintf(FINFO, "                    \r");
@@ -396,6 +402,19 @@ static inline int mtime_differs(STRUCT_STAT *stp, struct file_struct *file)
 #endif
 }
 
+static inline int any_time_differs(stat_x *sxp, struct file_struct *file, UNUSED(const char *fname))
+{
+	int differs = mtime_differs(&sxp->st, file);
+#ifdef SUPPORT_CRTIMES
+	if (!differs && crtimes_ndx) {
+		if (sxp->crtime == 0)
+			sxp->crtime = get_create_time(fname, &sxp->st);
+		differs = !same_time(sxp->crtime, 0, F_CRTIME(file), 0);
+	}
+#endif
+	return differs;
+}
+
 static inline int perms_differ(struct file_struct *file, stat_x *sxp)
 {
 	if (preserve_perms)
@@ -450,7 +469,7 @@ int unchanged_attrs(const char *fname, struct file_struct *file, stat_x *sxp)
 {
 	if (S_ISLNK(file->mode)) {
 #ifdef CAN_SET_SYMLINK_TIMES
-		if (preserve_times & PRESERVE_LINK_TIMES && mtime_differs(&sxp->st, file))
+		if (preserve_mtimes && !omit_link_times && any_time_differs(sxp, file, fname))
 			return 0;
 #endif
 #ifdef CAN_CHMOD_SYMLINK
@@ -470,7 +489,7 @@ int unchanged_attrs(const char *fname, struct file_struct *file, stat_x *sxp)
 			return 0;
 #endif
 	} else {
-		if (preserve_times && mtime_differs(&sxp->st, file))
+		if (preserve_mtimes && any_time_differs(sxp, file, fname))
 			return 0;
 		if (perms_differ(file, sxp))
 			return 0;
@@ -494,9 +513,9 @@ void itemize(const char *fnamecmp, struct file_struct *file, int ndx, int statre
 	     const char *xname)
 {
 	if (statret >= 0) { /* A from-dest-dir statret can == 1! */
-		int keep_time = !preserve_times ? 0
-		    : S_ISDIR(file->mode) ? preserve_times & PRESERVE_DIR_TIMES
-		    : S_ISLNK(file->mode) ? preserve_times & PRESERVE_LINK_TIMES
+		int keep_time = !preserve_mtimes ? 0
+		    : S_ISDIR(file->mode) ? !omit_dir_times
+		    : S_ISLNK(file->mode) ? !omit_link_times
 		    : 1;
 
 		if (S_ISREG(file->mode) && F_LENGTH(file) != sxp->st.st_size)
@@ -512,7 +531,15 @@ void itemize(const char *fnamecmp, struct file_struct *file, int ndx, int statre
 		if (atimes_ndx && !S_ISDIR(file->mode) && !S_ISLNK(file->mode)
 		 && !same_time(F_ATIME(file), 0, sxp->st.st_atime, 0))
 			iflags |= ITEM_REPORT_ATIME;
-#if !defined HAVE_LCHMOD && !defined HAVE_SETATTRLIST
+#ifdef SUPPORT_CRTIMES
+		if (crtimes_ndx) {
+			if (sxp->crtime == 0)
+				sxp->crtime = get_create_time(fnamecmp, &sxp->st);
+			if (!same_time(sxp->crtime, 0, F_CRTIME(file), 0))
+				iflags |= ITEM_REPORT_CRTIME;
+		}
+#endif
+#ifndef CAN_CHMOD_SYMLINK
 		if (S_ISLNK(file->mode)) {
 			;
 		} else
@@ -578,30 +605,77 @@ void itemize(const char *fnamecmp, struct file_struct *file, int ndx, int statre
 	}
 }
 
-
-/* Perform our quick-check heuristic for determining if a file is unchanged. */
-int unchanged_file(char *fn, struct file_struct *file, STRUCT_STAT *st)
+static enum filetype get_file_type(mode_t mode)
 {
-	if (st->st_size != F_LENGTH(file))
-		return 0;
-
-	/* if always checksum is set then we use the checksum instead
-	   of the file time to determine whether to sync */
-	if (always_checksum > 0 && S_ISREG(st->st_mode)) {
-		char sum[MAX_DIGEST_LEN];
-		file_checksum(fn, st, sum);
-		return memcmp(sum, F_SUM(file), flist_csum_len) == 0;
-	}
-
-	if (size_only > 0)
-		return 1;
-
-	if (ignore_times)
-		return 0;
-
-	return !mtime_differs(st, file);
+	if (S_ISREG(mode))
+		return FT_REG;
+	if (S_ISLNK(mode))
+		return FT_SYMLINK;
+	if (S_ISDIR(mode))
+		return FT_DIR;
+	if (IS_SPECIAL(mode))
+		return FT_SPECIAL;
+	if (IS_DEVICE(mode))
+		return FT_DEVICE;
+	return FT_UNSUPPORTED;
 }
 
+/* Perform our quick-check heuristic for determining if a file is unchanged. */
+int quick_check_ok(enum filetype ftype, const char *fn, struct file_struct *file, STRUCT_STAT *st)
+{
+	switch (ftype) {
+	  case FT_REG:
+		if (st->st_size != F_LENGTH(file))
+			return 0;
+
+		/* If always_checksum is set then we use the checksum instead
+		 * of the file mtime to determine whether to sync. */
+		if (always_checksum > 0) {
+			char sum[MAX_DIGEST_LEN];
+			file_checksum(fn, st, sum);
+			return memcmp(sum, F_SUM(file), flist_csum_len) == 0;
+		}
+
+		if (size_only > 0)
+			return 1;
+
+		if (ignore_times)
+			return 0;
+
+		if (mtime_differs(st, file))
+			return 0;
+		break;
+	  case FT_DIR:
+		break;
+	  case FT_SYMLINK: {
+#ifdef SUPPORT_LINKS
+		char lnk[MAXPATHLEN];
+		int len = do_readlink(fn, lnk, MAXPATHLEN-1);
+		if (len <= 0)
+			return 0;
+		lnk[len] = '\0';
+		if (strcmp(lnk, F_SYMLINK(file)) != 0)
+			return 0;
+		break;
+#else
+		return -1;
+#endif
+	  }
+	  case FT_SPECIAL:
+		if (!BITS_EQUAL(file->mode, st->st_mode, _S_IFMT))
+			return 0;
+		break;
+	  case FT_DEVICE: {
+		uint32 *devp = F_RDEV_P(file);
+		if (st->st_rdev != MAKEDEV(DEV_MAJOR(devp), DEV_MINOR(devp)))
+			return 0;
+		break;
+	  }
+	  case FT_UNSUPPORTED:
+		return -1;
+	}
+	return 1;
+}
 
 /*
  * set (initialize) the size entries in the per-file sum_struct
@@ -624,6 +698,11 @@ static void sum_sizes_sqroot(struct sum_struct *sum, int64 len)
 {
 	int32 blength;
 	int s2length;
+	/* The strong sum can be no longer than the negotiated checksum digest:
+	 * a short checksum (e.g. xxh64 = 8 bytes, when xxh128/xxh3 are absent)
+	 * makes xfer_sum_len < SUM_LENGTH, and the sender rejects an s2length
+	 * larger than xfer_sum_len (io.c). */
+	int max_s2length = MIN(SUM_LENGTH, xfer_sum_len);
 	int64 l;
 
 	if (len < 0) {
@@ -658,7 +737,7 @@ static void sum_sizes_sqroot(struct sum_struct *sum, int64 len)
 	if (protocol_version < 27) {
 		s2length = csum_length;
 	} else if (csum_length == SUM_LENGTH) {
-		s2length = SUM_LENGTH;
+		s2length = max_s2length;
 	} else {
 		int32 c;
 		int b = BLOCKSUM_BIAS;
@@ -667,7 +746,7 @@ static void sum_sizes_sqroot(struct sum_struct *sum, int64 len)
 		/* add a bit, subtract rollsum, round up. */
 		s2length = (b + 1 - 32 + 7) / 8; /* --optimize in compiler-- */
 		s2length = MAX(s2length, csum_length);
-		s2length = MIN(s2length, SUM_LENGTH);
+		s2length = MIN(s2length, max_s2length);
 	}
 
 	sum->flength	= len;
@@ -716,7 +795,7 @@ static int generate_and_send_sums(int fd, OFF_T len, int f_out, int f_copy)
 	for (i = 0; i < sum.count; i++) {
 		int32 n1 = (int32)MIN(len, (OFF_T)sum.blength);
 		char *map = map_ptr(mapbuf, offset, n1);
-		char sum2[SUM_LENGTH];
+		char sum2[MAX_DIGEST_LEN];
 		uint32 sum1;
 
 		len -= n1;
@@ -808,9 +887,12 @@ static struct file_struct *find_fuzzy(struct file_struct *file, struct file_list
 			len = strlen(name);
 			suf = find_filename_suffix(name, len, &suf_len);
 
-			dist = fuzzy_distance(name, len, fname, fname_len);
-			/* Add some extra weight to how well the suffixes match. */
-			dist += fuzzy_distance(suf, suf_len, fname_suf, fname_suf_len) * 10;
+			dist = fuzzy_distance(name, len, fname, fname_len, lowest_dist);
+			/* Add some extra weight to how well the suffixes match unless we've already disqualified
+			 * this file based on a heuristic. */
+			if (dist < 0xFFFF0000U) {
+				dist += fuzzy_distance(suf, suf_len, fname_suf, fname_suf_len, 0xFFFF0000U) * 10;
+			}
 			if (DEBUG_GTE(FUZZY, 2)) {
 				rprintf(FINFO, "fuzzy distance for %s = %d.%05d\n",
 					f_name(fp, NULL), (int)(dist>>16), (int)(dist&0xFFFF));
@@ -886,7 +968,7 @@ static int try_dests_reg(struct file_struct *file, char *fname, int ndx,
 			best_match = j;
 			match_level = 1;
 		}
-		if (!unchanged_file(cmpbuf, file, &sxp->st))
+		if (!quick_check_ok(FT_REG, cmpbuf, file, &sxp->st))
 			continue;
 		if (match_level == 1) {
 			best_match = j;
@@ -914,7 +996,7 @@ static int try_dests_reg(struct file_struct *file, char *fname, int ndx,
 		if (find_exact_for_existing) {
 			if (alt_dest_type == LINK_DEST && real_st.st_dev == sxp->st.st_dev && real_st.st_ino == sxp->st.st_ino)
 				return -1;
-			if (do_unlink(fname) < 0 && errno != ENOENT)
+			if (do_unlink_at(fname) < 0 && errno != ENOENT)
 				goto got_nothing_for_ya;
 		}
 #ifdef SUPPORT_HARD_LINKS
@@ -985,29 +1067,14 @@ static int try_dests_non(struct file_struct *file, char *fname, int ndx,
 {
 	int best_match = -1;
 	int match_level = 0;
-	enum nonregtype type;
-	uint32 *devp;
-#ifdef SUPPORT_LINKS
-	char lnk[MAXPATHLEN];
-	int len;
-#endif
+	enum filetype ftype = get_file_type(file->mode);
 	int j = 0;
 
 #ifndef SUPPORT_LINKS
-	if (S_ISLNK(file->mode))
+	if (ftype == FT_SYMLINK)
 		return -1;
 #endif
-	if (S_ISDIR(file->mode)) {
-		type = TYPE_DIR;
-	} else if (IS_SPECIAL(file->mode))
-		type = TYPE_SPECIAL;
-	else if (IS_DEVICE(file->mode))
-		type = TYPE_DEVICE;
-#ifdef SUPPORT_LINKS
-	else if (S_ISLNK(file->mode))
-		type = TYPE_SYMLINK;
-#endif
-	else {
+	if (ftype == FT_REG || ftype == FT_UNSUPPORTED) {
 		rprintf(FERROR,
 			"internal: try_dests_non() called with invalid mode (%o)\n",
 			(int)file->mode);
@@ -1018,53 +1085,14 @@ static int try_dests_non(struct file_struct *file, char *fname, int ndx,
 		pathjoin(cmpbuf, MAXPATHLEN, basis_dir[j], fname);
 		if (link_stat(cmpbuf, &sxp->st, 0) < 0)
 			continue;
-		switch (type) {
-		case TYPE_DIR:
-			if (!S_ISDIR(sxp->st.st_mode))
-				continue;
-			break;
-		case TYPE_SPECIAL:
-			if (!IS_SPECIAL(sxp->st.st_mode))
-				continue;
-			break;
-		case TYPE_DEVICE:
-			if (!IS_DEVICE(sxp->st.st_mode))
-				continue;
-			break;
-		case TYPE_SYMLINK:
-#ifdef SUPPORT_LINKS
-			if (!S_ISLNK(sxp->st.st_mode))
-				continue;
-			break;
-#else
-			return -1;
-#endif
-		}
+		if (ftype != get_file_type(sxp->st.st_mode))
+			continue;
 		if (match_level < 1) {
 			match_level = 1;
 			best_match = j;
 		}
-		switch (type) {
-		case TYPE_DIR:
-		case TYPE_SPECIAL:
-			break;
-		case TYPE_DEVICE:
-			devp = F_RDEV_P(file);
-			if (sxp->st.st_rdev != MAKEDEV(DEV_MAJOR(devp), DEV_MINOR(devp)))
-				continue;
-			break;
-		case TYPE_SYMLINK:
-#ifdef SUPPORT_LINKS
-			if ((len = do_readlink(cmpbuf, lnk, MAXPATHLEN-1)) <= 0)
-				continue;
-			lnk[len] = '\0';
-			if (strcmp(lnk, F_SYMLINK(file)) != 0)
-				continue;
-			break;
-#else
-			return -1;
-#endif
-		}
+		if (!quick_check_ok(ftype, cmpbuf, file, &sxp->st))
+			continue;
 		if (match_level < 2) {
 			match_level = 2;
 			best_match = j;
@@ -1096,7 +1124,7 @@ static int try_dests_non(struct file_struct *file, char *fname, int ndx,
 		 && !IS_SPECIAL(file->mode) && !IS_DEVICE(file->mode)
 #endif
 		 && !S_ISDIR(file->mode)) {
-			if (do_link(cmpbuf, fname) < 0) {
+			if (do_link_at(cmpbuf, fname) < 0) {
 				rsyserr(FERROR_XFER, errno,
 					"failed to hard-link %s with %s",
 					cmpbuf, fname);
@@ -1109,14 +1137,14 @@ static int try_dests_non(struct file_struct *file, char *fname, int ndx,
 			match_level = 2;
 		if (itemizing && stdout_format_has_i
 		 && (INFO_GTE(NAME, 2) || stdout_format_has_i > 1)) {
-			int chg = alt_dest_type == COMPARE_DEST && type != TYPE_DIR ? 0
+			int chg = alt_dest_type == COMPARE_DEST && ftype != FT_DIR ? 0
 			    : ITEM_LOCAL_CHANGE + (match_level == 3 ? ITEM_XNAME_FOLLOWS : 0);
 			char *lp = match_level == 3 ? "" : NULL;
 			itemize(cmpbuf, file, ndx, 0, sxp, chg + ITEM_MATCHED, 0, lp);
 		}
 		if (INFO_GTE(NAME, 2) && maybe_ATTRS_REPORT) {
 			rprintf(FCLIENT, "%s%s is uptodate\n",
-				fname, type == TYPE_DIR ? "/" : "");
+				fname, ftype == FT_DIR ? "/" : "");
 		}
 		return -2;
 	}
@@ -1131,6 +1159,7 @@ static void list_file_entry(struct file_struct *f)
 	int size_width = human_readable ? 14 : 11;
 	int mtime_width = 1 + strlen(mtime_str);
 	int atime_width = atimes_ndx ? mtime_width : 0;
+	int crtime_width = crtimes_ndx ? mtime_width : 0;
 
 	if (!F_IS_ACTIVE(f)) {
 		/* this can happen if duplicate names were removed */
@@ -1141,10 +1170,11 @@ static void list_file_entry(struct file_struct *f)
 
 	if (missing_args == 2 && f->mode == 0) {
 		rprintf(FINFO, "%-*s %s\n",
-			10 + 1 + size_width + mtime_width + atime_width, "*missing",
+			10 + 1 + size_width + mtime_width + atime_width + crtime_width, "*missing",
 			f_name(f, NULL));
 	} else {
 		const char *atime_str = atimes_ndx && !S_ISDIR(f->mode) ? timestring(F_ATIME(f)) : "";
+		const char *crtime_str = crtimes_ndx ? timestring(F_CRTIME(f)) : "";
 		const char *arrow, *lnk;
 
 		permstring(permbuf, f->mode);
@@ -1157,9 +1187,9 @@ static void list_file_entry(struct file_struct *f)
 #endif
 			arrow = lnk = "";
 
-		rprintf(FINFO, "%s %*s %s%*s %s%s%s\n",
+		rprintf(FINFO, "%s %*s %s%*s%*s %s%s%s\n",
 			permbuf, size_width, human_num(F_LENGTH(f)),
-			timestring(f->modtime), atime_width, atime_str,
+			timestring(f->modtime), atime_width, atime_str, crtime_width, crtime_str,
 			f_name(f, NULL), arrow, lnk);
 	}
 }
@@ -1208,7 +1238,8 @@ static void recv_generator(char *fname, struct file_struct *file, int ndx,
 	char fnamecmpbuf[MAXPATHLEN];
 	uchar fnamecmp_type;
 	int del_opts = delete_mode || force_delete ? DEL_RECURSE : 0;
-	int is_dir = !S_ISDIR(file->mode) ? 0
+	enum filetype stype, ftype = get_file_type(file->mode);
+	int is_dir = ftype != FT_DIR ? 0
 		   : inc_recurse && ndx != cur_flist->ndx_start - 1 ? -1
 		   : 1;
 
@@ -1277,21 +1308,26 @@ static void recv_generator(char *fname, struct file_struct *file, int ndx,
 			 * this function was asked to process in the file list. */
 			if (!inc_recurse
 			 && (*dn != '.' || dn[1]) /* Avoid an issue with --relative and the "." dir. */
-			 && (!prior_dir_file || strcmp(dn, f_name(prior_dir_file, NULL)) != 0)
-			 && flist_find_name(cur_flist, dn, 1) < 0) {
+			 && (!prior_dir_file || strcmp(dn, f_name(prior_dir_file, NULL)) != 0)) {
+				int ok = 0, j = flist_find_name(cur_flist, dn, -1);
+				if (j >= 0) {
+					struct file_struct *f = cur_flist->sorted[j];
+					if (S_ISDIR(f->mode) || (missing_args == 2 && !file->mode && !f->mode))
+						ok = 1;
+				}
 				/* The --delete-missing-args option can actually put invalid entries into
 				 * the file list, so if that option was specified, we'll just complain about
 				 * it and allow it. */
-				if (missing_args == 2 && file->mode == 0)
+				if (!ok && missing_args == 2 && file->mode == 0 && j < 0)
 					rprintf(FERROR, "WARNING: parent dir is absent in the file list: %s\n", dn);
-				else {
+				else if (!ok) {
 					rprintf(FERROR, "ABORTING due to invalid path from sender: %s/%s\n",
 						dn, file->basename);
 					exit_cleanup(RERR_PROTOCOL);
 				}
 			}
-			if (relative_paths && !implied_dirs
-			 && do_stat(dn, &sx.st) < 0) {
+			if (relative_paths && !implied_dirs && file->mode != 0
+			 && do_stat_at(dn, &sx.st) < 0) {
 				if (dry_run)
 					goto parent_is_dry_missing;
 				if (make_path(fname, MKP_DROP_NAME | MKP_SKIP_SLASH) < 0) {
@@ -1351,10 +1387,27 @@ static void recv_generator(char *fname, struct file_struct *file, int ndx,
 	 && !am_root && sx.st.st_uid == our_uid)
 		del_opts |= DEL_NO_UID_WRITE;
 
+	if (statret == 0)
+		stype = get_file_type(sx.st.st_mode);
+	else
+		stype = FT_UNSUPPORTED;
+
 	if (ignore_existing > 0 && statret == 0
-	 && (!is_dir || !S_ISDIR(sx.st.st_mode))) {
-		if (INFO_GTE(SKIP, 1) && is_dir >= 0)
-			rprintf(FINFO, "%s exists\n", fname);
+	 && (!is_dir || stype != FT_DIR)) {
+		if (INFO_GTE(SKIP, 1) && is_dir >= 0) {
+			const char *suf = "";
+			if (INFO_GTE(SKIP, 2)) {
+				if (ftype != stype)
+					suf = " (type change)";
+				else if (!quick_check_ok(ftype, fname, file, &sx.st))
+					suf = always_checksum ? " (sum change)" : " (file change)";
+				else if (!unchanged_attrs(fname, file, &sx))
+					suf = " (attr change)";
+				else
+					suf = " (uptodate)";
+			}
+			rprintf(FINFO, "%s exists%s\n", fname, suf);
+		}
 #ifdef SUPPORT_HARD_LINKS
 		if (F_IS_HLINKED(file))
 			handle_skipped_hlink(file, itemizing, code, f_out);
@@ -1375,7 +1428,7 @@ static void recv_generator(char *fname, struct file_struct *file, int ndx,
 		} else
 			added_perms = 0;
 		if (is_dir < 0) {
-			if (!(preserve_times & PRESERVE_DIR_TIMES))
+			if (!preserve_mtimes || omit_dir_times)
 				goto cleanup;
 			/* In inc_recurse mode we want to make sure any missing
 			 * directories get created while we're still processing
@@ -1383,10 +1436,10 @@ static void recv_generator(char *fname, struct file_struct *file, int ndx,
 			 * dir's mtime right away).  We will handle the dir in
 			 * full later (right before we handle its contents). */
 			if (statret == 0
-			 && (S_ISDIR(sx.st.st_mode)
+			 && (stype == FT_DIR
 			  || delete_item(fname, sx.st.st_mode, del_opts | DEL_FOR_DIR) != 0))
 				goto cleanup; /* Any errors get reported later. */
-			if (do_mkdir(fname, (file->mode|added_perms) & 0700) == 0)
+			if (do_mkdir_at(fname, (file->mode|added_perms) & 0700) == 0)
 				file->flags |= FLAG_DIR_CREATED;
 			goto cleanup;
 		}
@@ -1395,7 +1448,7 @@ static void recv_generator(char *fname, struct file_struct *file, int ndx,
 		 * file of that name and it is *not* a directory, then
 		 * we need to delete it.  If it doesn't exist, then
 		 * (perhaps recursively) create it. */
-		if (statret == 0 && !S_ISDIR(sx.st.st_mode)) {
+		if (statret == 0 && stype != FT_DIR) {
 			if (delete_item(fname, sx.st.st_mode, del_opts | DEL_FOR_DIR) != 0)
 				goto skipping_dir_contents;
 			statret = -1;
@@ -1428,10 +1481,10 @@ static void recv_generator(char *fname, struct file_struct *file, int ndx,
 			itemize(fnamecmp, file, ndx, statret, &sx,
 				statret ? ITEM_LOCAL_CHANGE : 0, 0, NULL);
 		}
-		if (real_ret != 0 && do_mkdir(fname,file->mode|added_perms) < 0 && errno != EEXIST) {
+		if (real_ret != 0 && do_mkdir_at(fname,file->mode|added_perms) < 0 && errno != EEXIST) {
 			if (!relative_paths || errno != ENOENT
 			 || make_path(fname, MKP_DROP_NAME | MKP_SKIP_SLASH) < 0
-			 || (do_mkdir(fname, file->mode|added_perms) < 0 && errno != EEXIST)) {
+			 || (do_mkdir_at(fname, file->mode|added_perms) < 0 && errno != EEXIST)) {
 				rsyserr(FERROR_XFER, errno,
 					"recv_generator: mkdir %s failed",
 					full_fname(fname));
@@ -1458,7 +1511,7 @@ static void recv_generator(char *fname, struct file_struct *file, int ndx,
 #ifdef HAVE_CHMOD
 		if (!am_root && (file->mode & S_IRWXU) != S_IRWXU && dir_tweaking) {
 			mode_t mode = file->mode | S_IRWXU;
-			if (do_chmod(fname, mode) < 0) {
+			if (do_chmod_at(fname, mode) < 0) {
 				rsyserr(FERROR_XFER, errno,
 					"failed to modify permissions on %s",
 					full_fname(fname));
@@ -1479,7 +1532,7 @@ static void recv_generator(char *fname, struct file_struct *file, int ndx,
 		else if (delete_during && f_out != -1 && !phase
 		    && !(file->flags & FLAG_MISSING_DIR)) {
 			if (file->flags & FLAG_CONTENT_DIR)
-				delete_in_dir(fname, file, &real_sx.st.st_dev);
+				delete_in_dir(fname, file, real_sx.st.st_dev);
 			else
 				change_local_filter_dir(fname, strlen(fname), F_DEPTH(file));
 		}
@@ -1490,7 +1543,7 @@ static void recv_generator(char *fname, struct file_struct *file, int ndx,
 	/* If we're not preserving permissions, change the file-list's
 	 * mode based on the local permissions and some heuristics. */
 	if (!preserve_perms) {
-		int exists = statret == 0 && !S_ISDIR(sx.st.st_mode);
+		int exists = statret == 0 && stype != FT_DIR;
 		file->mode = dest_mode(file->mode, sx.st.st_mode, dflt_perms, exists);
 	}
 
@@ -1500,7 +1553,7 @@ static void recv_generator(char *fname, struct file_struct *file, int ndx,
 		goto cleanup;
 #endif
 
-	if (preserve_links && S_ISLNK(file->mode)) {
+	if (preserve_links && ftype == FT_SYMLINK) {
 #ifdef SUPPORT_LINKS
 		const char *sl = F_SYMLINK(file);
 		if (safe_symlinks && unsafe_symlink(sl, fname)) {
@@ -1517,12 +1570,7 @@ static void recv_generator(char *fname, struct file_struct *file, int ndx,
 			goto cleanup;
 		}
 		if (statret == 0) {
-			char lnk[MAXPATHLEN];
-			int len;
-
-			if (S_ISLNK(sx.st.st_mode)
-			 && (len = do_readlink(fname, lnk, MAXPATHLEN-1)) > 0
-			 && strncmp(lnk, sl, len) == 0 && sl[len] == '\0') {
+			if (stype == FT_SYMLINK && quick_check_ok(stype, fname, file, &sx.st)) {
 				/* The link is pointing to the right place. */
 				set_file_attrs(fname, file, &sx, NULL, maybe_ATTRS_REPORT);
 				if (itemizing)
@@ -1555,7 +1603,7 @@ static void recv_generator(char *fname, struct file_struct *file, int ndx,
 		if (atomic_create(file, fname, sl, NULL, MAKEDEV(0, 0), &sx, statret == 0 ? DEL_FOR_SYMLINK : 0)) {
 			set_file_attrs(fname, file, NULL, NULL, 0);
 			if (itemizing) {
-				if (statret == 0 && !S_ISLNK(sx.st.st_mode))
+				if (statret == 0 && stype != FT_SYMLINK)
 					statret = -1;
 				itemize(fnamecmp, file, ndx, statret, &sx,
 					ITEM_LOCAL_CHANGE|ITEM_REPORT_CHANGE, 0, NULL);
@@ -1576,28 +1624,22 @@ static void recv_generator(char *fname, struct file_struct *file, int ndx,
 		goto cleanup;
 	}
 
-	if ((am_root && preserve_devices && IS_DEVICE(file->mode))
-	 || (preserve_specials && IS_SPECIAL(file->mode))) {
+	if ((am_root && preserve_devices && ftype == FT_DEVICE)
+	 || (preserve_specials && ftype == FT_SPECIAL)) {
 		dev_t rdev;
-		int del_for_flag = 0;
-		if (IS_DEVICE(file->mode)) {
+		int del_for_flag;
+		if (ftype == FT_DEVICE) {
 			uint32 *devp = F_RDEV_P(file);
 			rdev = MAKEDEV(DEV_MAJOR(devp), DEV_MINOR(devp));
-		} else
+			del_for_flag = DEL_FOR_DEVICE;
+		} else {
 			rdev = 0;
+			del_for_flag = DEL_FOR_SPECIAL;
+		}
 		if (statret == 0) {
-			if (IS_DEVICE(file->mode)) {
-				if (!IS_DEVICE(sx.st.st_mode))
-					statret = -1;
-				del_for_flag = DEL_FOR_DEVICE;
-			} else {
-				if (!IS_SPECIAL(sx.st.st_mode))
-					statret = -1;
-				del_for_flag = DEL_FOR_SPECIAL;
-			}
-			if (statret == 0
-			 && BITS_EQUAL(sx.st.st_mode, file->mode, _S_IFMT)
-			 && (IS_SPECIAL(sx.st.st_mode) || sx.st.st_rdev == rdev)) {
+			if (ftype != stype)
+				statret = -1;
+			else if (quick_check_ok(ftype, fname, file, &sx.st)) {
 				/* The device or special file is identical. */
 				set_file_attrs(fname, file, &sx, NULL, maybe_ATTRS_REPORT);
 				if (itemizing)
@@ -1650,10 +1692,12 @@ static void recv_generator(char *fname, struct file_struct *file, int ndx,
 		goto cleanup;
 	}
 
-	if (!S_ISREG(file->mode)) {
-		if (solo_file)
-			fname = f_name(file, NULL);
-		rprintf(FINFO, "skipping non-regular file \"%s\"\n", fname);
+	if (ftype != FT_REG) {
+		if (INFO_GTE(NONREG, 1)) {
+			if (solo_file)
+				fname = f_name(file, NULL);
+			rprintf(FINFO, "skipping non-regular file \"%s\"\n", fname);
+		}
 		goto cleanup;
 	}
 
@@ -1674,7 +1718,8 @@ static void recv_generator(char *fname, struct file_struct *file, int ndx,
 		goto cleanup;
 	}
 
-	if (update_only > 0 && statret == 0 && file->modtime - sx.st.st_mtime <= modify_window) {
+	if (update_only > 0 && statret == 0 && stype == ftype
+	 && file->modtime - sx.st.st_mtime < modify_window) {
 		if (INFO_GTE(SKIP, 1))
 			rprintf(FINFO, "%s is newer\n", fname);
 #ifdef SUPPORT_HARD_LINKS
@@ -1686,7 +1731,7 @@ static void recv_generator(char *fname, struct file_struct *file, int ndx,
 
 	fnamecmp_type = FNAMECMP_FNAME;
 
-	if (statret == 0 && !(S_ISREG(sx.st.st_mode) || (write_devices && IS_DEVICE(sx.st.st_mode)))) {
+	if (statret == 0 && !(stype == FT_REG || (write_devices && stype == FT_DEVICE))) {
 		if (delete_item(fname, sx.st.st_mode, del_opts | DEL_FOR_FILE) != 0)
 			goto cleanup;
 		statret = -1;
@@ -1720,7 +1765,7 @@ static void recv_generator(char *fname, struct file_struct *file, int ndx,
 		partialptr = NULL;
 
 	if (statret != 0 && fuzzy_basis) {
-		if (need_fuzzy_dirlist && S_ISREG(file->mode)) {
+		if (need_fuzzy_dirlist) {
 			const char *dn = file->dirname ? file->dirname : ".";
 			int i;
 			strlcpy(fnamecmpbuf, dn, sizeof fnamecmpbuf);
@@ -1764,13 +1809,19 @@ static void recv_generator(char *fname, struct file_struct *file, int ndx,
 		goto cleanup;
 	}
 
+	if (write_devices && IS_DEVICE(sx.st.st_mode) && sx.st.st_size == 0) {
+		/* This early open into fd skips the regular open below. */
+		if ((fd = do_open_nofollow(fnamecmp, O_RDONLY)) >= 0)
+			real_sx.st.st_size = sx.st.st_size = get_device_size(fd, fnamecmp);
+	}
+
 	if (fnamecmp_type <= FNAMECMP_BASIS_DIR_HIGH)
 		;
 	else if (fnamecmp_type >= FNAMECMP_FUZZY)
 		;
-	else if (unchanged_file(fnamecmp, file, &sx.st)) {
+	else if (quick_check_ok(FT_REG, fnamecmp, file, &sx.st)) {
 		if (partialptr) {
-			do_unlink(partialptr);
+			do_unlink_at(partialptr);
 			handle_partial_dir(partialptr, PDIR_DELETE);
 		}
 		set_file_attrs(fname, file, &sx, NULL, maybe_ATTRS_REPORT | maybe_ATTRS_ACCURATE_TIME);
@@ -1784,7 +1835,7 @@ static void recv_generator(char *fname, struct file_struct *file, int ndx,
 			goto cleanup;
 	  return_with_success:
 		if (!dry_run)
-			send_msg_int(MSG_SUCCESS, ndx);
+			send_msg_success(fname, ndx);
 		goto cleanup;
 	}
 
@@ -1829,7 +1880,7 @@ static void recv_generator(char *fname, struct file_struct *file, int ndx,
 	}
 
 	/* open the file */
-	if ((fd = do_open(fnamecmp, O_RDONLY, 0)) < 0) {
+	if (fd < 0 && (fd = do_open_checklinks(fnamecmp)) < 0) {
 		rsyserr(FERROR, errno, "failed to open %s, continuing",
 			full_fname(fnamecmp));
 	  pretend_missing:
@@ -1846,11 +1897,9 @@ static void recv_generator(char *fname, struct file_struct *file, int ndx,
 
 	if (inplace && make_backups > 0 && fnamecmp_type == FNAMECMP_FNAME) {
 		if (!(backupptr = get_backup_name(fname))) {
-			close(fd);
 			goto cleanup;
 		}
 		if (!(back_file = make_file(fname, NULL, NULL, 0, NO_FILTERS))) {
-			close(fd);
 			goto pretend_missing;
 		}
 		if (robust_unlink(backupptr) && errno != ENOENT) {
@@ -1858,14 +1907,12 @@ static void recv_generator(char *fname, struct file_struct *file, int ndx,
 				full_fname(backupptr));
 			unmake_file(back_file);
 			back_file = NULL;
-			close(fd);
 			goto cleanup;
 		}
-		if ((f_copy = do_open(backupptr, O_WRONLY | O_CREAT | O_TRUNC | O_EXCL, 0600)) < 0) {
+		if ((f_copy = do_open_at(backupptr, O_WRONLY | O_CREAT | O_TRUNC | O_EXCL, 0600)) < 0) {
 			rsyserr(FERROR_XFER, errno, "open %s", full_fname(backupptr));
 			unmake_file(back_file);
 			back_file = NULL;
-			close(fd);
 			goto cleanup;
 		}
 		fnamecmp_type = FNAMECMP_BACKUP;
@@ -1916,7 +1963,6 @@ static void recv_generator(char *fname, struct file_struct *file, int ndx,
 		write_sum_head(f_out, NULL);
 	else if (sx.st.st_size <= 0) {
 		write_sum_head(f_out, NULL);
-		close(fd);
 	} else {
 		if (generate_and_send_sums(fd, sx.st.st_size, f_out, f_copy) < 0) {
 			rprintf(FWARNING,
@@ -1924,10 +1970,11 @@ static void recv_generator(char *fname, struct file_struct *file, int ndx,
 				fnamecmp);
 			write_sum_head(f_out, NULL);
 		}
-		close(fd);
 	}
 
   cleanup:
+	if (fd >= 0)
+		close(fd);
 	if (back_file) {
 		int save_preserve_xattrs = preserve_xattrs;
 		if (f_copy >= 0)
@@ -1982,7 +2029,7 @@ int atomic_create(struct file_struct *file, char *fname, const char *slnk, const
 
 	if (slnk) {
 #ifdef SUPPORT_LINKS
-		if (do_symlink(slnk, create_name) < 0) {
+		if (do_symlink_at(slnk, create_name) < 0) {
 			rsyserr(FERROR_XFER, errno, "symlink %s -> \"%s\" failed",
 				full_fname(create_name), slnk);
 			return 0;
@@ -1998,7 +2045,7 @@ int atomic_create(struct file_struct *file, char *fname, const char *slnk, const
 		return 0;
 #endif
 	} else {
-		if (do_mknod(create_name, file->mode, rdev) < 0) {
+		if (do_mknod_at(create_name, file->mode, rdev) < 0) {
 			rsyserr(FERROR_XFER, errno, "mknod %s failed",
 				full_fname(create_name));
 			return 0;
@@ -2006,10 +2053,14 @@ int atomic_create(struct file_struct *file, char *fname, const char *slnk, const
 	}
 
 	if (!skip_atomic) {
-		if (do_rename(tmpname, fname) < 0) {
+		if (do_rename_at(tmpname, fname) < 0) {
+			char *full_tmpname = strdup(full_fname(tmpname));
+			if (full_tmpname == NULL)
+				out_of_memory("atomic_create");
 			rsyserr(FERROR_XFER, errno, "rename %s -> \"%s\" failed",
-				full_fname(tmpname), full_fname(fname));
-			do_unlink(tmpname);
+				full_tmpname, full_fname(fname));
+			free(full_tmpname);
+			do_unlink_at(tmpname);
 			return 0;
 		}
 	}
@@ -2073,7 +2124,7 @@ static void touch_up_dirs(struct file_list *flist, int ndx)
 			continue;
 		fname = f_name(file, NULL);
 		if (fix_dir_perms)
-			do_chmod(fname, file->mode);
+			do_chmod_at(fname, file->mode);
 		if (need_retouch_dir_times) {
 			STRUCT_STAT st;
 			if (link_stat(fname, &st, 0) == 0 && mtime_differs(&st, file)) {
@@ -2108,6 +2159,8 @@ void check_for_finished_files(int itemizing, enum logcode code, int check_redo)
 			if (send_failed)
 				ndx = get_hlink_num();
 			flist = flist_for_ndx(ndx, "check_for_finished_files.1");
+			if (ndx < flist->ndx_start)
+				exit_cleanup(RERR_PROTOCOL);
 			file = flist->files[ndx - flist->ndx_start];
 			assert(file->flags & FLAG_HLINKED);
 			if (send_failed)
@@ -2136,6 +2189,8 @@ void check_for_finished_files(int itemizing, enum logcode code, int check_redo)
 
 			flist = cur_flist;
 			cur_flist = flist_for_ndx(ndx, "check_for_finished_files.2");
+			if (ndx < cur_flist->ndx_start)
+				exit_cleanup(RERR_PROTOCOL);
 
 			file = cur_flist->files[ndx - cur_flist->ndx_start];
 			if (solo_file)
@@ -2213,7 +2268,7 @@ void generate_files(int f_out, const char *local_name)
 	}
 	solo_file = local_name;
 	dir_tweaking = !(list_only || solo_file || dry_run);
-	need_retouch_dir_times = preserve_times & PRESERVE_DIR_TIMES;
+	need_retouch_dir_times = preserve_mtimes && !omit_dir_times;
 	loopchk_limit = allowed_lull ? allowed_lull * 5 : 200;
 	symlink_timeset_failed_flags = ITEM_REPORT_TIME
 	    | (protocol_version >= 30 || !am_server ? ITEM_REPORT_TIMEFAIL : 0);
@@ -2266,7 +2321,7 @@ void generate_files(int f_out, const char *local_name)
 						dirdev = MAKEDEV(DEV_MAJOR(devp), DEV_MINOR(devp));
 					} else
 						dirdev = MAKEDEV(0, 0);
-					delete_in_dir(fbuf, fp, &dirdev);
+					delete_in_dir(fbuf, fp, dirdev);
 				} else
 					change_local_filter_dir(fbuf, strlen(fbuf), F_DEPTH(fp));
 			}
@@ -2313,7 +2368,7 @@ void generate_files(int f_out, const char *local_name)
 	} while ((cur_flist = cur_flist->next) != NULL);
 
 	if (delete_during)
-		delete_in_dir(NULL, NULL, &dev_zero);
+		delete_in_dir(NULL, NULL, dev_zero);
 	phase++;
 	if (DEBUG_GTE(GENR, 1))
 		rprintf(FINFO, "generate_files phase=%d\n", phase);
@@ -2336,7 +2391,7 @@ void generate_files(int f_out, const char *local_name)
 		write_ndx(f_out, NDX_DONE);
 
 	if (protocol_version >= 31 && EARLY_DELETE_DONE_MSG()) {
-		if ((INFO_GTE(STATS, 2) && (delete_mode || force_delete)) || read_batch)
+		if (delete_mode || force_delete || read_batch)
 			write_del_stats(f_out);
 		if (EARLY_DELAY_DONE_MSG()) /* Can't send this before delay */
 			write_ndx(f_out, NDX_DONE);
@@ -2381,7 +2436,7 @@ void generate_files(int f_out, const char *local_name)
 
 	if (protocol_version >= 31) {
 		if (!EARLY_DELETE_DONE_MSG()) {
-			if (INFO_GTE(STATS, 2) || read_batch)
+			if (delete_mode || force_delete || read_batch)
 				write_del_stats(f_out);
 			write_ndx(f_out, NDX_DONE);
 		}

hashtable.c

@@ -1,7 +1,7 @@
 /*
  * Routines to provide a memory-efficient hashtable.
  *
- * Copyright (C) 2007-2020 Wayne Davison
+ * Copyright (C) 2007-2022 Wayne Davison
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by
@@ -350,6 +350,9 @@ void *hashtable_find(struct hashtable *tbl, int64 key, void *data_when_new)
  -------------------------------------------------------------------------------
 */
 
+#define NON_ZERO_32(x) ((x) ? (x) : (uint32_t)1)
+#define NON_ZERO_64(x, y) ((x) || (y) ? (y) | (int64)(x) << 32 | (y) : (int64)1)
+
 uint32_t hashlittle(const void *key, size_t length)
 {
   uint32_t a,b,c;                                          /* internal state */
@@ -390,7 +393,7 @@ uint32_t hashlittle(const void *key, size_t length)
     case 3 : a+=((uint32_t)k8[2])<<16;   /* fall through */
     case 2 : a+=((uint32_t)k8[1])<<8;    /* fall through */
     case 1 : a+=k8[0]; break;
-    case 0 : return c;
+    case 0 : return NON_ZERO_32(c);
     }
   } else if (HASH_LITTLE_ENDIAN && ((u.i & 0x1) == 0)) {
     const uint16_t *k = (const uint16_t *)key;         /* read 16-bit chunks */
@@ -436,7 +439,7 @@ uint32_t hashlittle(const void *key, size_t length)
              break;
     case 1 : a+=k8[0];
              break;
-    case 0 : return c;                     /* zero length requires no mixing */
+    case 0 : return NON_ZERO_32(c);         /* zero length requires no mixing */
     }
 
   } else {                        /* need to read the key one byte at a time */
@@ -489,10 +492,171 @@ uint32_t hashlittle(const void *key, size_t length)
 	     /* FALLTHROUGH */
     case 1 : a+=k[0];
              break;
-    case 0 : return c;
+    case 0 : return NON_ZERO_32(c);
     }
   }
 
   final(a,b,c);
-  return c;
+  return NON_ZERO_32(c);
 }
+
+#if SIZEOF_INT64 >= 8
+/*
+ * hashlittle2: return 2 32-bit hash values joined into an int64.
+ *
+ * This is identical to hashlittle(), except it returns two 32-bit hash
+ * values instead of just one.  This is good enough for hash table
+ * lookup with 2^^64 buckets, or if you want a second hash if you're not
+ * happy with the first, or if you want a probably-unique 64-bit ID for
+ * the key.  *pc is better mixed than *pb, so use *pc first.  If you want
+ * a 64-bit value do something like "*pc + (((uint64_t)*pb)<<32)".
+ */
+int64 hashlittle2(const void *key, size_t length)
+{
+  uint32_t a,b,c;                                          /* internal state */
+  union { const void *ptr; size_t i; } u;     /* needed for Mac Powerbook G4 */
+
+  /* Set up the internal state */
+  a = b = c = 0xdeadbeef + ((uint32_t)length);
+
+  u.ptr = key;
+  if (HASH_LITTLE_ENDIAN && ((u.i & 0x3) == 0)) {
+    const uint32_t *k = (const uint32_t *)key;         /* read 32-bit chunks */
+    const uint8_t  *k8;
+
+    /*------ all but last block: aligned reads and affect 32 bits of (a,b,c) */
+    while (length > 12)
+    {
+      a += k[0];
+      b += k[1];
+      c += k[2];
+      mix(a,b,c);
+      length -= 12;
+      k += 3;
+    }
+
+    /*----------------------------- handle the last (probably partial) block */
+    k8 = (const uint8_t *)k;
+    switch(length)
+    {
+    case 12: c+=k[2]; b+=k[1]; a+=k[0]; break;
+    case 11: c+=((uint32_t)k8[10])<<16;  /* fall through */
+    case 10: c+=((uint32_t)k8[9])<<8;    /* fall through */
+    case 9 : c+=k8[8];                   /* fall through */
+    case 8 : b+=k[1]; a+=k[0]; break;
+    case 7 : b+=((uint32_t)k8[6])<<16;   /* fall through */
+    case 6 : b+=((uint32_t)k8[5])<<8;    /* fall through */
+    case 5 : b+=k8[4];                   /* fall through */
+    case 4 : a+=k[0]; break;
+    case 3 : a+=((uint32_t)k8[2])<<16;   /* fall through */
+    case 2 : a+=((uint32_t)k8[1])<<8;    /* fall through */
+    case 1 : a+=k8[0]; break;
+    case 0 : return NON_ZERO_64(b, c);
+    }
+  } else if (HASH_LITTLE_ENDIAN && ((u.i & 0x1) == 0)) {
+    const uint16_t *k = (const uint16_t *)key;         /* read 16-bit chunks */
+    const uint8_t  *k8;
+
+    /*--------------- all but last block: aligned reads and different mixing */
+    while (length > 12)
+    {
+      a += k[0] + (((uint32_t)k[1])<<16);
+      b += k[2] + (((uint32_t)k[3])<<16);
+      c += k[4] + (((uint32_t)k[5])<<16);
+      mix(a,b,c);
+      length -= 12;
+      k += 6;
+    }
+
+    /*----------------------------- handle the last (probably partial) block */
+    k8 = (const uint8_t *)k;
+    switch(length)
+    {
+    case 12: c+=k[4]+(((uint32_t)k[5])<<16);
+             b+=k[2]+(((uint32_t)k[3])<<16);
+             a+=k[0]+(((uint32_t)k[1])<<16);
+             break;
+    case 11: c+=((uint32_t)k8[10])<<16;     /* fall through */
+    case 10: c+=k[4];
+             b+=k[2]+(((uint32_t)k[3])<<16);
+             a+=k[0]+(((uint32_t)k[1])<<16);
+             break;
+    case 9 : c+=k8[8];                      /* fall through */
+    case 8 : b+=k[2]+(((uint32_t)k[3])<<16);
+             a+=k[0]+(((uint32_t)k[1])<<16);
+             break;
+    case 7 : b+=((uint32_t)k8[6])<<16;      /* fall through */
+    case 6 : b+=k[2];
+             a+=k[0]+(((uint32_t)k[1])<<16);
+             break;
+    case 5 : b+=k8[4];                      /* fall through */
+    case 4 : a+=k[0]+(((uint32_t)k[1])<<16);
+             break;
+    case 3 : a+=((uint32_t)k8[2])<<16;      /* fall through */
+    case 2 : a+=k[0];
+             break;
+    case 1 : a+=k8[0];
+             break;
+    case 0 : return NON_ZERO_64(b, c);  /* zero length strings require no mixing */
+    }
+
+  } else {                        /* need to read the key one byte at a time */
+    const uint8_t *k = (const uint8_t *)key;
+
+    /*--------------- all but the last block: affect some 32 bits of (a,b,c) */
+    while (length > 12)
+    {
+      a += k[0];
+      a += ((uint32_t)k[1])<<8;
+      a += ((uint32_t)k[2])<<16;
+      a += ((uint32_t)k[3])<<24;
+      b += k[4];
+      b += ((uint32_t)k[5])<<8;
+      b += ((uint32_t)k[6])<<16;
+      b += ((uint32_t)k[7])<<24;
+      c += k[8];
+      c += ((uint32_t)k[9])<<8;
+      c += ((uint32_t)k[10])<<16;
+      c += ((uint32_t)k[11])<<24;
+      mix(a,b,c);
+      length -= 12;
+      k += 12;
+    }
+
+    /*-------------------------------- last block: affect all 32 bits of (c) */
+    switch(length)                   /* all the case statements fall through */
+    {
+    case 12: c+=((uint32_t)k[11])<<24;
+	     /* FALLTHROUGH */
+    case 11: c+=((uint32_t)k[10])<<16;
+	     /* FALLTHROUGH */
+    case 10: c+=((uint32_t)k[9])<<8;
+	     /* FALLTHROUGH */
+    case 9 : c+=k[8];
+	     /* FALLTHROUGH */
+    case 8 : b+=((uint32_t)k[7])<<24;
+	     /* FALLTHROUGH */
+    case 7 : b+=((uint32_t)k[6])<<16;
+	     /* FALLTHROUGH */
+    case 6 : b+=((uint32_t)k[5])<<8;
+	     /* FALLTHROUGH */
+    case 5 : b+=k[4];
+	     /* FALLTHROUGH */
+    case 4 : a+=((uint32_t)k[3])<<24;
+	     /* FALLTHROUGH */
+    case 3 : a+=((uint32_t)k[2])<<16;
+	     /* FALLTHROUGH */
+    case 2 : a+=((uint32_t)k[1])<<8;
+	     /* FALLTHROUGH */
+    case 1 : a+=k[0];
+             break;
+    case 0 : return NON_ZERO_64(b, c);
+    }
+  }
+
+  final(a,b,c);
+  return NON_ZERO_64(b, c);
+}
+#else
+#define hashlittle2(key, len) hashlittle(key, len)
+#endif

hlink.c

@@ -4,7 +4,7 @@
  * Copyright (C) 1996 Andrew Tridgell
  * Copyright (C) 1996 Paul Mackerras
  * Copyright (C) 2002 Martin Pool <mbp@samba.org>
- * Copyright (C) 2004-2020 Wayne Davison
+ * Copyright (C) 2004-2022 Wayne Davison
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by
@@ -117,7 +117,7 @@ static void match_gnums(int32 *ndx_list, int ndx_count)
 	struct ht_int32_node *node = NULL;
 	int32 gnum, gnum_next;
 
-	qsort(ndx_list, ndx_count, sizeof ndx_list[0], (int (*)()) hlink_compare_gnum);
+	qsort(ndx_list, ndx_count, sizeof ndx_list[0], (int (*)(const void*, const void*))hlink_compare_gnum);
 
 	for (from = 0; from < ndx_count; from++) {
 		file = hlink_flist->sorted[ndx_list[from]];
@@ -406,7 +406,7 @@ int hard_link_check(struct file_struct *file, int ndx, char *fname,
 				}
 				break;
 			}
-			if (!unchanged_file(cmpbuf, file, &alt_sx.st))
+			if (!quick_check_ok(FT_REG, cmpbuf, file, &alt_sx.st))
 				continue;
 			statret = 1;
 			if (unchanged_attrs(cmpbuf, file, &alt_sx))
@@ -446,7 +446,7 @@ int hard_link_check(struct file_struct *file, int ndx, char *fname,
 		return -1;
 
 	if (remove_source_files == 1 && do_xfers)
-		send_msg_int(MSG_SUCCESS, ndx);
+		send_msg_success(fname, ndx);
 
 	return 1;
 }
@@ -454,7 +454,7 @@ int hard_link_check(struct file_struct *file, int ndx, char *fname,
 int hard_link_one(struct file_struct *file, const char *fname,
 		  const char *oldname, int terse)
 {
-	if (do_link(oldname, fname) < 0) {
+	if (do_link_at(oldname, fname) < 0) {
 		enum logcode code;
 		if (terse) {
 			if (!INFO_GTE(NAME, 1))
@@ -519,7 +519,7 @@ void finish_hard_link(struct file_struct *file, const char *fname, int fin_ndx,
 		if (val < 0)
 			continue;
 		if (remove_source_files == 1 && do_xfers)
-			send_msg_int(MSG_SUCCESS, ndx);
+			send_msg_success(fname, ndx);
 	}
 
 	if (inc_recurse) {

ifuncs.h

@@ -1,6 +1,6 @@
 /* Inline functions for rsync.
  *
- * Copyright (C) 2007-2020 Wayne Davison
+ * Copyright (C) 2007-2022 Wayne Davison
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by
@@ -75,6 +75,7 @@ d_name(struct dirent *di)
 static inline void
 init_stat_x(stat_x *sx_p)
 {
+	sx_p->crtime = 0;
 #ifdef SUPPORT_ACLS
 	sx_p->acc_acl = sx_p->def_acl = NULL;
 #endif
@@ -105,7 +106,7 @@ free_stat_x(stat_x *sx_p)
 static inline char *my_strdup(const char *str, const char *file, int line)
 {
     int len = strlen(str)+1;
-    char *buf = my_alloc(do_malloc, len, 1, file, line);
+    char *buf = my_alloc(NULL, len, 1, file, line);
     memcpy(buf, str, len);
     return buf;
 }

install-sh

@@ -115,7 +115,7 @@ else
 # might cause directories to be created, which would be especially bad 
 # if $src (and thus $dsttmp) contains '*'.
 
-	if [ -f $src -o -d $src ]
+	if [ -f $src ] || [ -d $src ]
 	then
 		true
 	else

io.c

@@ -4,7 +4,7 @@
  * Copyright (C) 1996-2001 Andrew Tridgell
  * Copyright (C) 1996 Paul Mackerras
  * Copyright (C) 2001, 2002 Martin Pool <mbp@samba.org>
- * Copyright (C) 2003-2020 Wayne Davison
+ * Copyright (C) 2003-2022 Wayne Davison
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by
@@ -41,6 +41,7 @@ extern int am_server;
 extern int am_sender;
 extern int am_receiver;
 extern int am_generator;
+extern int local_server;
 extern int msgs2stderr;
 extern int inc_recurse;
 extern int io_error;
@@ -54,12 +55,15 @@ extern int read_batch;
 extern int compat_flags;
 extern int protect_args;
 extern int checksum_seed;
+extern int xfer_sum_len;
+extern int daemon_connection;
 extern int protocol_version;
 extern int remove_source_files;
 extern int preserve_hard_links;
 extern BOOL extra_flist_sending_enabled;
 extern BOOL flush_ok_after_signal;
 extern struct stats stats;
+extern time_t stop_at_utime;
 extern struct file_list *cur_flist;
 #ifdef ICONV_OPTION
 extern int filesfrom_convert;
@@ -82,6 +86,8 @@ int sock_f_out = -1;
 int64 total_data_read = 0;
 int64 total_data_written = 0;
 
+char num_dev_ino_buf[4 + 8 + 8];
+
 static struct {
 	xbuf in, out, msg;
 	int in_fd;
@@ -111,7 +117,7 @@ static int active_filecnt = 0;
 static OFF_T active_bytecnt = 0;
 static int first_message = 1;
 
-static char int_byte_extra[64] = {
+static const char int_byte_extra[64] = {
 	0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, /* (00 - 3F)/4 */
 	0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, /* (40 - 7F)/4 */
 	1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, /* (80 - BF)/4 */
@@ -262,15 +268,18 @@ static size_t safe_read(int fd, char *buf, size_t len)
 			rprintf(FINFO, "select exception on fd %d\n", fd); */
 
 		if (FD_ISSET(fd, &r_fds)) {
-			int n = read(fd, buf + got, len - got);
-			if (DEBUG_GTE(IO, 2))
-				rprintf(FINFO, "[%s] safe_read(%d)=%ld\n", who_am_i(), fd, (long)n);
+			ssize_t n = read(fd, buf + got, len - got);
+			if (DEBUG_GTE(IO, 2)) {
+				rprintf(FINFO, "[%s] safe_read(%d)=%" SIZE_T_FMT_MOD "d\n",
+					who_am_i(), fd, (SIZE_T_FMT_CAST)n);
+			}
 			if (n == 0)
 				break;
 			if (n < 0) {
 				if (errno == EINTR)
 					continue;
-				rsyserr(FERROR, errno, "safe_read failed to read %ld bytes", (long)len);
+				rsyserr(FERROR, errno, "safe_read failed to read %" SIZE_T_FMT_MOD "d bytes",
+					(SIZE_T_FMT_CAST)len);
 				exit_cleanup(RERR_STREAMIO);
 			}
 			if ((got += (size_t)n) == len)
@@ -302,7 +311,7 @@ static const char *what_fd_is(int fd)
  * is not used on the socket except very early in the transfer. */
 static void safe_write(int fd, const char *buf, size_t len)
 {
-	int n;
+	ssize_t n;
 
 	assert(fd != iobuf.out_fd);
 
@@ -313,8 +322,8 @@ static void safe_write(int fd, const char *buf, size_t len)
 		if (errno != EINTR && errno != EWOULDBLOCK && errno != EAGAIN) {
 		  write_failed:
 			rsyserr(FERROR, errno,
-				"safe_write failed to write %ld bytes to %s",
-				(long)len, what_fd_is(fd));
+				"safe_write failed to write %" SIZE_T_FMT_MOD "d bytes to %s",
+				(SIZE_T_FMT_CAST)len, what_fd_is(fd));
 			exit_cleanup(RERR_STREAMIO);
 		}
 	} else {
@@ -360,7 +369,7 @@ static void safe_write(int fd, const char *buf, size_t len)
  * a chunk of data and put it into the output buffer. */
 static void forward_filesfrom_data(void)
 {
-	int len;
+	ssize_t len;
 
 	len = read(ff_forward_fd, ff_xb.buf + ff_xb.len, ff_xb.size - ff_xb.len);
 	if (len <= 0) {
@@ -371,12 +380,15 @@ static void forward_filesfrom_data(void)
 			free_xbuf(&ff_xb);
 			if (ff_reenable_multiplex >= 0)
 				io_start_multiplex_out(ff_reenable_multiplex);
+			free_implied_include_partial_string();
 		}
 		return;
 	}
 
-	if (DEBUG_GTE(IO, 2))
-		rprintf(FINFO, "[%s] files-from read=%ld\n", who_am_i(), (long)len);
+	if (DEBUG_GTE(IO, 2)) {
+		rprintf(FINFO, "[%s] files-from read=%" SIZE_T_FMT_MOD "d\n",
+			who_am_i(), (SIZE_T_FMT_CAST)len);
+	}
 
 #ifdef ICONV_OPTION
 	len += ff_xb.len;
@@ -412,6 +424,7 @@ static void forward_filesfrom_data(void)
 		while (s != eob) {
 			if (*s++ == '\0') {
 				ff_xb.len = s - sob - 1;
+				add_implied_include(sob, 0);
 				if (iconvbufs(ic_send, &ff_xb, &iobuf.out, flags) < 0)
 					exit_cleanup(RERR_PROTOCOL); /* impossible? */
 				write_buf(iobuf.out_fd, s-1, 1); /* Send the '\0'. */
@@ -427,6 +440,7 @@ static void forward_filesfrom_data(void)
 			ff_lastchar = '\0';
 		else {
 			/* Handle a partial string specially, saving any incomplete chars. */
+			implied_include_partial_string(sob, s);
 			flags &= ~ICB_INCLUDE_INCOMPLETE;
 			if (iconvbufs(ic_send, &ff_xb, &iobuf.out, flags) < 0) {
 				if (errno == E2BIG)
@@ -443,13 +457,17 @@ static void forward_filesfrom_data(void)
 		char *f = ff_xb.buf + ff_xb.pos;
 		char *t = ff_xb.buf;
 		char *eob = f + len;
+		char *cur = t;
 		/* Eliminate any multi-'\0' runs. */
 		while (f != eob) {
 			if (!(*t++ = *f++)) {
+				add_implied_include(cur, 0);
+				cur = t;
 				while (f != eob && *f == '\0')
 					f++;
 			}
 		}
+		implied_include_partial_string(cur, t);
 		ff_lastchar = f[-1];
 		if ((len = t - ff_xb.buf) != 0) {
 			/* This will not circle back to perform_io() because we only get
@@ -463,7 +481,7 @@ void reduce_iobuf_size(xbuf *out, size_t new_size)
 {
 	if (new_size < out->size) {
 		/* Avoid weird buffer interactions by only outputting this to stderr. */
-		if (msgs2stderr && DEBUG_GTE(IO, 4)) {
+		if (msgs2stderr == 1 && DEBUG_GTE(IO, 4)) {
 			const char *name = out == &iobuf.out ? "iobuf.out"
 					 : out == &iobuf.msg ? "iobuf.msg"
 					 : NULL;
@@ -481,7 +499,7 @@ void restore_iobuf_size(xbuf *out)
 	if (IOBUF_WAS_REDUCED(out->size)) {
 		size_t new_size = IOBUF_RESTORE_SIZE(out->size);
 		/* Avoid weird buffer interactions by only outputting this to stderr. */
-		if (msgs2stderr && DEBUG_GTE(IO, 4)) {
+		if (msgs2stderr == 1 && DEBUG_GTE(IO, 4)) {
 			const char *name = out == &iobuf.out ? "iobuf.out"
 					 : out == &iobuf.msg ? "iobuf.msg"
 					 : NULL;
@@ -560,52 +578,59 @@ static char *perform_io(size_t needed, int flags)
 	case PIO_NEED_INPUT:
 		/* We never resize the circular input buffer. */
 		if (iobuf.in.size < needed) {
-			rprintf(FERROR, "need to read %ld bytes, iobuf.in.buf is only %ld bytes.\n",
-				(long)needed, (long)iobuf.in.size);
+			rprintf(FERROR, "need to read %" SIZE_T_FMT_MOD "d bytes,"
+					" iobuf.in.buf is only %" SIZE_T_FMT_MOD "d bytes.\n",
+				(SIZE_T_FMT_CAST)needed, (SIZE_T_FMT_CAST)iobuf.in.size);
 			exit_cleanup(RERR_PROTOCOL);
 		}
 
-		if (msgs2stderr && DEBUG_GTE(IO, 3)) {
-			rprintf(FINFO, "[%s] perform_io(%ld, %sinput)\n",
-				who_am_i(), (long)needed, flags & PIO_CONSUME_INPUT ? "consume&" : "");
+		if (msgs2stderr == 1 && DEBUG_GTE(IO, 3)) {
+			rprintf(FINFO, "[%s] perform_io(%" SIZE_T_FMT_MOD "d, %sinput)\n",
+				who_am_i(), (SIZE_T_FMT_CAST)needed, flags & PIO_CONSUME_INPUT ? "consume&" : "");
 		}
 		break;
 
 	case PIO_NEED_OUTROOM:
 		/* We never resize the circular output buffer. */
 		if (iobuf.out.size - iobuf.out_empty_len < needed) {
-			fprintf(stderr, "need to write %ld bytes, iobuf.out.buf is only %ld bytes.\n",
-				(long)needed, (long)(iobuf.out.size - iobuf.out_empty_len));
+			fprintf(stderr, "need to write %" SIZE_T_FMT_MOD "d bytes,"
+					" iobuf.out.buf is only %" SIZE_T_FMT_MOD "d bytes.\n",
+				(SIZE_T_FMT_CAST)needed, (SIZE_T_FMT_CAST)(iobuf.out.size - iobuf.out_empty_len));
 			exit_cleanup(RERR_PROTOCOL);
 		}
 
-		if (msgs2stderr && DEBUG_GTE(IO, 3)) {
-			rprintf(FINFO, "[%s] perform_io(%ld, outroom) needs to flush %ld\n",
-				who_am_i(), (long)needed,
+		if (msgs2stderr == 1 && DEBUG_GTE(IO, 3)) {
+			rprintf(FINFO, "[%s] perform_io(%" SIZE_T_FMT_MOD "d,"
+				       " outroom) needs to flush %" SIZE_T_FMT_MOD "d\n",
+				who_am_i(), (SIZE_T_FMT_CAST)needed,
 				iobuf.out.len + needed > iobuf.out.size
-				? (long)(iobuf.out.len + needed - iobuf.out.size) : 0L);
+				? (SIZE_T_FMT_CAST)(iobuf.out.len + needed - iobuf.out.size) : (SIZE_T_FMT_CAST)0);
 		}
 		break;
 
 	case PIO_NEED_MSGROOM:
 		/* We never resize the circular message buffer. */
 		if (iobuf.msg.size < needed) {
-			fprintf(stderr, "need to write %ld bytes, iobuf.msg.buf is only %ld bytes.\n",
-				(long)needed, (long)iobuf.msg.size);
+			fprintf(stderr, "need to write %" SIZE_T_FMT_MOD "d bytes,"
+					" iobuf.msg.buf is only %" SIZE_T_FMT_MOD "d bytes.\n",
+				(SIZE_T_FMT_CAST)needed, (SIZE_T_FMT_CAST)iobuf.msg.size);
 			exit_cleanup(RERR_PROTOCOL);
 		}
 
-		if (msgs2stderr && DEBUG_GTE(IO, 3)) {
-			rprintf(FINFO, "[%s] perform_io(%ld, msgroom) needs to flush %ld\n",
-				who_am_i(), (long)needed,
+		if (msgs2stderr == 1 && DEBUG_GTE(IO, 3)) {
+			rprintf(FINFO, "[%s] perform_io(%" SIZE_T_FMT_MOD "d,"
+				       " msgroom) needs to flush %" SIZE_T_FMT_MOD "d\n",
+				who_am_i(), (SIZE_T_FMT_CAST)needed,
 				iobuf.msg.len + needed > iobuf.msg.size
-				? (long)(iobuf.msg.len + needed - iobuf.msg.size) : 0L);
+				? (SIZE_T_FMT_CAST)(iobuf.msg.len + needed - iobuf.msg.size) : (SIZE_T_FMT_CAST)0);
 		}
 		break;
 
 	case 0:
-		if (msgs2stderr && DEBUG_GTE(IO, 3))
-			rprintf(FINFO, "[%s] perform_io(%ld, %d)\n", who_am_i(), (long)needed, flags);
+		if (msgs2stderr == 1 && DEBUG_GTE(IO, 3)) {
+			rprintf(FINFO, "[%s] perform_io(%" SIZE_T_FMT_MOD "d, %d)\n",
+				who_am_i(), (SIZE_T_FMT_CAST)needed, flags);
+		}
 		break;
 
 	default:
@@ -662,9 +687,9 @@ static char *perform_io(size_t needed, int flags)
 					SIVAL(iobuf.out.buf + iobuf.raw_data_header_pos, 0,
 					      ((MPLEX_BASE + (int)MSG_DATA)<<24) + iobuf.out.len - 4);
 
-					if (msgs2stderr && DEBUG_GTE(IO, 1)) {
-						rprintf(FINFO, "[%s] send_msg(%d, %ld)\n",
-							who_am_i(), (int)MSG_DATA, (long)iobuf.out.len - 4);
+					if (msgs2stderr == 1 && DEBUG_GTE(IO, 1)) {
+						rprintf(FINFO, "[%s] send_msg(%d, %" SIZE_T_FMT_MOD "d)\n",
+							who_am_i(), (int)MSG_DATA, (SIZE_T_FMT_CAST)iobuf.out.len - 4);
 					}
 
 					/* reserve room for the next MSG_DATA header */
@@ -755,7 +780,7 @@ static char *perform_io(size_t needed, int flags)
 
 		if (iobuf.in_fd >= 0 && FD_ISSET(iobuf.in_fd, &r_fds)) {
 			size_t len, pos = iobuf.in.pos + iobuf.in.len;
-			int n;
+			ssize_t n;
 			if (pos >= iobuf.in.size) {
 				pos -= iobuf.in.size;
 				len = iobuf.in.size - iobuf.in.len;
@@ -782,12 +807,14 @@ static char *perform_io(size_t needed, int flags)
 					exit_cleanup(RERR_SOCKETIO);
 				}
 			}
-			if (msgs2stderr && DEBUG_GTE(IO, 2))
-				rprintf(FINFO, "[%s] recv=%ld\n", who_am_i(), (long)n);
+			if (msgs2stderr == 1 && DEBUG_GTE(IO, 2)) {
+				rprintf(FINFO, "[%s] recv=%" SIZE_T_FMT_MOD "d\n",
+					who_am_i(), (SIZE_T_FMT_CAST)n);
+			}
 
 			if (io_timeout) {
 				last_io_in = time(NULL);
-				if (flags & PIO_NEED_INPUT)
+				if (io_timeout && flags & PIO_NEED_INPUT)
 					maybe_send_keepalive(last_io_in, 0);
 			}
 			stats.total_read += n;
@@ -795,9 +822,14 @@ static char *perform_io(size_t needed, int flags)
 			iobuf.in.len += n;
 		}
 
+		if (stop_at_utime && time(NULL) >= stop_at_utime) {
+			rprintf(FERROR, "stopping at requested limit\n");
+			exit_cleanup(RERR_TIMEOUT);
+		}
+
 		if (out && FD_ISSET(iobuf.out_fd, &w_fds)) {
 			size_t len = iobuf.raw_flushing_ends_before ? iobuf.raw_flushing_ends_before - out->pos : out->len;
-			int n;
+			ssize_t n;
 
 			if (bwlimit_writemax && len > bwlimit_writemax)
 				len = bwlimit_writemax;
@@ -817,9 +849,9 @@ static char *perform_io(size_t needed, int flags)
 					exit_cleanup(RERR_SOCKETIO);
 				}
 			}
-			if (msgs2stderr && DEBUG_GTE(IO, 2)) {
-				rprintf(FINFO, "[%s] %s sent=%ld\n",
-					who_am_i(), out == &iobuf.out ? "out" : "msg", (long)n);
+			if (msgs2stderr == 1 && DEBUG_GTE(IO, 2)) {
+				rprintf(FINFO, "[%s] %s sent=%" SIZE_T_FMT_MOD "d\n",
+					who_am_i(), out == &iobuf.out ? "out" : "msg", (SIZE_T_FMT_CAST)n);
 			}
 
 			if (io_timeout)
@@ -912,7 +944,11 @@ void noop_io_until_death(void)
 {
 	char buf[1024];
 
-	if (!iobuf.in.buf || !iobuf.out.buf || iobuf.in_fd < 0 || iobuf.out_fd < 0 || kluge_around_eof || msgs2stderr)
+	if (!iobuf.in.buf || !iobuf.out.buf || iobuf.in_fd < 0 || iobuf.out_fd < 0 || kluge_around_eof)
+		return;
+
+	/* If we're talking to a daemon over a socket, don't short-circuit this logic */
+	if (msgs2stderr && daemon_connection >= 0)
 		return;
 
 	kluge_around_eof = 2;
@@ -930,13 +966,15 @@ int send_msg(enum msgcode code, const char *buf, size_t len, int convert)
 {
 	char *hdr;
 	size_t needed, pos;
-	BOOL want_debug = DEBUG_GTE(IO, 1) && convert >= 0 && (msgs2stderr || code != MSG_INFO);
+	BOOL want_debug = DEBUG_GTE(IO, 1) && convert >= 0 && (msgs2stderr == 1 || code != MSG_INFO);
 
 	if (!OUT_MULTIPLEXED)
 		return 0;
 
-	if (want_debug)
-		rprintf(FINFO, "[%s] send_msg(%d, %ld)\n", who_am_i(), (int)code, (long)len);
+	if (want_debug) {
+		rprintf(FINFO, "[%s] send_msg(%d, %" SIZE_T_FMT_MOD "d)\n",
+			who_am_i(), (int)code, (SIZE_T_FMT_CAST)len);
+	}
 
 	/* When checking for enough free space for this message, we need to
 	 * make sure that there is space for the 4-byte header, plus we'll
@@ -952,9 +990,9 @@ int send_msg(enum msgcode code, const char *buf, size_t len, int convert)
 #endif
 		needed = len + 4 + 3;
 	if (iobuf.msg.len + needed > iobuf.msg.size) {
-		if (!am_receiver)
+		if (am_sender)
 			perform_io(needed, PIO_NEED_MSGROOM);
-		else { /* We allow the receiver to increase their iobuf.msg size to avoid a deadlock. */
+		else { /* We sometimes allow the iobuf.msg size to increase to avoid a deadlock. */
 			size_t old_size = iobuf.msg.size;
 			restore_iobuf_size(&iobuf.msg);
 			realloc_xbuf(&iobuf.msg, iobuf.msg.size * 2);
@@ -1011,8 +1049,10 @@ int send_msg(enum msgcode code, const char *buf, size_t len, int convert)
 
 	SIVAL(hdr, 0, ((MPLEX_BASE + (int)code)<<24) + len);
 
-	if (want_debug && convert > 0)
-		rprintf(FINFO, "[%s] converted msg len=%ld\n", who_am_i(), (long)len);
+	if (want_debug && convert > 0) {
+		rprintf(FINFO, "[%s] converted msg len=%" SIZE_T_FMT_MOD "d\n",
+			who_am_i(), (SIZE_T_FMT_CAST)len);
+	}
 
 	return 1;
 }
@@ -1028,10 +1068,31 @@ void send_msg_int(enum msgcode code, int num)
 	send_msg(code, numbuf, 4, -1);
 }
 
+void send_msg_success(const char *fname, int num)
+{
+	if (local_server) {
+		STRUCT_STAT st;
+
+		if (DEBUG_GTE(IO, 1))
+			rprintf(FINFO, "[%s] send_msg_success(%d)\n", who_am_i(), num);
+
+		if (stat(fname, &st) < 0)
+			memset(&st, 0, sizeof (STRUCT_STAT));
+		SIVAL(num_dev_ino_buf, 0, num);
+		SIVAL64(num_dev_ino_buf, 4, st.st_dev);
+		SIVAL64(num_dev_ino_buf, 4+8, st.st_ino);
+		send_msg(MSG_SUCCESS, num_dev_ino_buf, sizeof num_dev_ino_buf, -1);
+	} else
+		send_msg_int(MSG_SUCCESS, num);
+}
+
 static void got_flist_entry_status(enum festatus status, int ndx)
 {
 	struct file_list *flist = flist_for_ndx(ndx, "got_flist_entry_status");
 
+	if (ndx < flist->ndx_start)
+		exit_cleanup(RERR_PROTOCOL);
+
 	if (remove_source_files) {
 		active_filecnt--;
 		active_bytecnt -= F_LENGTH(flist->files[ndx - flist->ndx_start]);
@@ -1042,8 +1103,12 @@ static void got_flist_entry_status(enum festatus status, int ndx)
 
 	switch (status) {
 	case FES_SUCCESS:
-		if (remove_source_files)
-			send_msg_int(MSG_SUCCESS, ndx);
+		if (remove_source_files) {
+			if (local_server)
+				send_msg(MSG_SUCCESS, num_dev_ino_buf, sizeof num_dev_ino_buf, -1);
+			else
+				send_msg_int(MSG_SUCCESS, ndx);
+		}
 		/* FALL THROUGH */
 	case FES_NO_SEND:
 #ifdef SUPPORT_HARD_LINKS
@@ -1096,8 +1161,8 @@ void set_io_timeout(int secs)
 
 static void check_for_d_option_error(const char *msg)
 {
-	static char rsync263_opts[] = "BCDHIKLPRSTWabceghlnopqrtuvxz";
-	char *colon;
+	static const char rsync263_opts[] = "BCDHIKLPRSTWabceghlnopqrtuvxz";
+	const char *colon;
 	int saw_d = 0;
 
 	if (*msg != 'r'
@@ -1227,8 +1292,21 @@ int read_line(int fd, char *buf, size_t bufsiz, int flags)
 	return s - buf;
 }
 
+/* Reverse safe_arg()'s backslash escaping of a daemon option arg, the way a
+ * remote shell un-escapes args for the ssh transport.  In place; \X -> X. */
+static void unbackslash_arg(char *s)
+{
+	char *f = s, *t = s;
+	while (*f) {
+		if (*f == '\\' && f[1])
+			f++;
+		*t++ = *f++;
+	}
+	*t = '\0';
+}
+
 void read_args(int f_in, char *mod_name, char *buf, size_t bufsiz, int rl_nulls,
-	       char ***argv_p, int *argc_p, char **request_p)
+	       int unescape, char ***argv_p, int *argc_p, char **request_p)
 {
 	int maxargs = MAX_ARGS;
 	int dot_pos = 0, argc = 0, request_len = 0;
@@ -1270,6 +1348,11 @@ void read_args(int f_in, char *mod_name, char *buf, size_t bufsiz, int rl_nulls,
 				glob_expand(buf, &argv, &argc, &maxargs);
 		} else {
 			p = strdup(buf);
+			/* An option arg the client escaped with safe_arg() (no
+			 * remote shell un-escapes it for a daemon).  File args
+			 * after the dot are handled by glob_expand() below. */
+			if (unescape)
+				unbackslash_arg(p);
 			argv[argc++] = p;
 			if (*p == '.' && p[1] == '\0')
 				dot_pos = argc;
@@ -1285,7 +1368,7 @@ void read_args(int f_in, char *mod_name, char *buf, size_t bufsiz, int rl_nulls,
 
 BOOL io_start_buffering_out(int f_out)
 {
-	if (msgs2stderr && DEBUG_GTE(IO, 2))
+	if (msgs2stderr == 1 && DEBUG_GTE(IO, 2))
 		rprintf(FINFO, "[%s] io_start_buffering_out(%d)\n", who_am_i(), f_out);
 
 	if (iobuf.out.buf) {
@@ -1304,7 +1387,7 @@ BOOL io_start_buffering_out(int f_out)
 
 BOOL io_start_buffering_in(int f_in)
 {
-	if (msgs2stderr && DEBUG_GTE(IO, 2))
+	if (msgs2stderr == 1 && DEBUG_GTE(IO, 2))
 		rprintf(FINFO, "[%s] io_start_buffering_in(%d)\n", who_am_i(), f_in);
 
 	if (iobuf.in.buf) {
@@ -1323,7 +1406,7 @@ BOOL io_start_buffering_in(int f_in)
 
 void io_end_buffering_in(BOOL free_buffers)
 {
-	if (msgs2stderr && DEBUG_GTE(IO, 2)) {
+	if (msgs2stderr == 1 && DEBUG_GTE(IO, 2)) {
 		rprintf(FINFO, "[%s] io_end_buffering_in(IOBUF_%s_BUFS)\n",
 			who_am_i(), free_buffers ? "FREE" : "KEEP");
 	}
@@ -1338,7 +1421,7 @@ void io_end_buffering_in(BOOL free_buffers)
 
 void io_end_buffering_out(BOOL free_buffers)
 {
-	if (msgs2stderr && DEBUG_GTE(IO, 2)) {
+	if (msgs2stderr == 1 && DEBUG_GTE(IO, 2)) {
 		rprintf(FINFO, "[%s] io_end_buffering_out(IOBUF_%s_BUFS)\n",
 			who_am_i(), free_buffers ? "FREE" : "KEEP");
 	}
@@ -1426,8 +1509,10 @@ static void read_a_msg(void)
 	msg_bytes = tag & 0xFFFFFF;
 	tag = (tag >> 24) - MPLEX_BASE;
 
-	if (DEBUG_GTE(IO, 1) && msgs2stderr)
-		rprintf(FINFO, "[%s] got msg=%d, len=%ld\n", who_am_i(), (int)tag, (long)msg_bytes);
+	if (msgs2stderr == 1 && DEBUG_GTE(IO, 1)) {
+		rprintf(FINFO, "[%s] got msg=%d, len=%" SIZE_T_FMT_MOD "d\n",
+			who_am_i(), (int)tag, (SIZE_T_FMT_CAST)msg_bytes);
+	}
 
 	switch (tag) {
 	case MSG_DATA:
@@ -1536,14 +1621,15 @@ static void read_a_msg(void)
 		}
 		break;
 	case MSG_SUCCESS:
-		if (msg_bytes != 4) {
+		if (msg_bytes != (local_server ? 4+8+8 : 4)) {
 		  invalid_msg:
 			rprintf(FERROR, "invalid multi-message %d:%lu [%s%s]\n",
 				tag, (unsigned long)msg_bytes, who_am_i(),
 				inc_recurse ? "/inc" : "");
 			exit_cleanup(RERR_STREAMIO);
 		}
-		val = raw_read_int();
+		raw_read_buf(num_dev_ino_buf, msg_bytes);
+		val = IVAL(num_dev_ino_buf, 0);
 		iobuf.in_multiplexed = 1;
 		if (am_generator)
 			got_flist_entry_status(FES_SUCCESS, val);
@@ -1603,8 +1689,10 @@ static void read_a_msg(void)
 		else
 			goto invalid_msg;
 		iobuf.in_multiplexed = 1;
-		if (DEBUG_GTE(EXIT, 3))
-			rprintf(FINFO, "[%s] got MSG_ERROR_EXIT with %ld bytes\n", who_am_i(), (long)msg_bytes);
+		if (DEBUG_GTE(EXIT, 3)) {
+			rprintf(FINFO, "[%s] got MSG_ERROR_EXIT with %" SIZE_T_FMT_MOD "d bytes\n",
+					who_am_i(), (SIZE_T_FMT_CAST)msg_bytes);
+		}
 		if (msg_bytes == 0) {
 			if (!am_sender && !am_generator) {
 				if (DEBUG_GTE(EXIT, 3)) {
@@ -1718,6 +1806,13 @@ int32 read_int(int f)
 	return num;
 }
 
+uint32 read_uint(int f)
+{
+	char b[4];
+	read_buf(f, b, 4);
+	return IVAL(b, 0);
+}
+
 int32 read_varint(int f)
 {
 	union {
@@ -1791,6 +1886,45 @@ int64 read_varlong(int f, uchar min_bytes)
 	return u.x;
 }
 
+/* Read an int32 and verify lo <= v <= hi. On out-of-range, abort with a
+ * protocol error naming "what". The bound is co-located with the read so it
+ * cannot be forgotten by a downstream user. */
+int32 read_int_bounded(int f, int32 lo, int32 hi, const char *what)
+{
+	int32 v = read_int(f);
+	if (v < lo || v > hi) {
+		rprintf(FERROR, "wire value %s out of range: %ld not in [%ld,%ld] [%s]\n",
+			what, (long)v, (long)lo, (long)hi, who_am_i());
+		exit_cleanup(RERR_PROTOCOL);
+	}
+	return v;
+}
+
+/* As read_int_bounded but for varint-encoded values. */
+int32 read_varint_bounded(int f, int32 lo, int32 hi, const char *what)
+{
+	int32 v = read_varint(f);
+	if (v < lo || v > hi) {
+		rprintf(FERROR, "wire value %s out of range: %ld not in [%ld,%ld] [%s]\n",
+			what, (long)v, (long)lo, (long)hi, who_am_i());
+		exit_cleanup(RERR_PROTOCOL);
+	}
+	return v;
+}
+
+/* Read a varint that will be used as a size_t. Rejects negative values
+ * (which would wrap to ~SIZE_MAX) and values exceeding the supplied max. */
+size_t read_varint_size(int f, size_t max, const char *what)
+{
+	int32 v = read_varint(f);
+	if (v < 0 || (size_t)v > max) {
+		rprintf(FERROR, "wire size %s out of range: %ld > %lu [%s]\n",
+			what, (long)v, (unsigned long)max, who_am_i());
+		exit_cleanup(RERR_PROTOCOL);
+	}
+	return (size_t)v;
+}
+
 int64 read_longint(int f)
 {
 #if SIZEOF_INT64 >= 8
@@ -1810,6 +1944,7 @@ int64 read_longint(int f)
 #endif
 }
 
+/* Debugging note: this will be named read_buf_() when using an external zlib. */
 void read_buf(int f, char *buf, size_t len)
 {
 	if (f != iobuf.in_fd) {
@@ -1896,6 +2031,21 @@ void read_sum_head(int f, struct sum_struct *sum)
 			(long)sum->count, who_am_i());
 		exit_cleanup(RERR_PROTOCOL);
 	}
+	/* Guard against integer overflow in downstream allocations sized by
+	 * count*element_size. my_alloc uses divide-not-multiply so it is
+	 * already wraparound-safe, but checking here gives a clearer error
+	 * and also covers the (size_t)count * xfer_sum_len arithmetic that
+	 * is performed *before* reaching my_alloc. */
+	if (xfer_sum_len > 0 && (size_t)sum->count > SIZE_MAX / (size_t)xfer_sum_len) {
+		rprintf(FERROR, "Invalid checksum count %ld (too large) [%s]\n",
+			(long)sum->count, who_am_i());
+		exit_cleanup(RERR_PROTOCOL);
+	}
+	if ((size_t)sum->count > SIZE_MAX / sizeof(struct sum_buf)) {
+		rprintf(FERROR, "Invalid checksum count %ld (sum_buf overflow) [%s]\n",
+			(long)sum->count, who_am_i());
+		exit_cleanup(RERR_PROTOCOL);
+	}
 	sum->blength = read_int(f);
 	if (sum->blength < 0 || sum->blength > max_blength) {
 		rprintf(FERROR, "Invalid block length %ld [%s]\n",
@@ -1903,7 +2053,7 @@ void read_sum_head(int f, struct sum_struct *sum)
 		exit_cleanup(RERR_PROTOCOL);
 	}
 	sum->s2length = protocol_version < 27 ? csum_length : (int)read_int(f);
-	if (sum->s2length < 0 || sum->s2length > MAX_DIGEST_LEN) {
+	if (sum->s2length < 0 || sum->s2length > xfer_sum_len) {
 		rprintf(FERROR, "Invalid checksum length %d [%s]\n",
 			sum->s2length, who_am_i());
 		exit_cleanup(RERR_PROTOCOL);
@@ -2298,7 +2448,7 @@ void io_start_multiplex_out(int fd)
 {
 	io_flush(FULL_FLUSH);
 
-	if (msgs2stderr && DEBUG_GTE(IO, 2))
+	if (msgs2stderr == 1 && DEBUG_GTE(IO, 2))
 		rprintf(FINFO, "[%s] io_start_multiplex_out(%d)\n", who_am_i(), fd);
 
 	if (!iobuf.msg.buf)
@@ -2315,7 +2465,7 @@ void io_start_multiplex_out(int fd)
 /* Setup for multiplexing a MSG_* stream with the data stream. */
 void io_start_multiplex_in(int fd)
 {
-	if (msgs2stderr && DEBUG_GTE(IO, 2))
+	if (msgs2stderr == 1 && DEBUG_GTE(IO, 2))
 		rprintf(FINFO, "[%s] io_start_multiplex_in(%d)\n", who_am_i(), fd);
 
 	iobuf.in_multiplexed = 1; /* See also IN_MULTIPLEXED */
@@ -2326,7 +2476,7 @@ int io_end_multiplex_in(int mode)
 {
 	int ret = iobuf.in_multiplexed ? iobuf.in_fd : -1;
 
-	if (msgs2stderr && DEBUG_GTE(IO, 2))
+	if (msgs2stderr == 1 && DEBUG_GTE(IO, 2))
 		rprintf(FINFO, "[%s] io_end_multiplex_in(mode=%d)\n", who_am_i(), mode);
 
 	iobuf.in_multiplexed = 0;
@@ -2344,7 +2494,7 @@ int io_end_multiplex_out(int mode)
 {
 	int ret = iobuf.out_empty_len ? iobuf.out_fd : -1;
 
-	if (msgs2stderr && DEBUG_GTE(IO, 2))
+	if (msgs2stderr == 1 && DEBUG_GTE(IO, 2))
 		rprintf(FINFO, "[%s] io_end_multiplex_out(mode=%d)\n", who_am_i(), mode);
 
 	if (mode != MPLX_TO_BUFFERED)

itypes.h

@@ -1,6 +1,6 @@
 /* Inline functions for rsync.
  *
- * Copyright (C) 2007-2020 Wayne Davison
+ * Copyright (C) 2007-2022 Wayne Davison
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by
@@ -40,6 +40,12 @@ isSpace(const char *ptr)
 	return isspace(*(unsigned char *)ptr);
 }
 
+static inline int
+isAlNum(const char *ptr)
+{
+	return isalnum(*(unsigned char *)ptr);
+}
+
 static inline int
 isLower(const char *ptr)
 {

latest-year.h

@@ -1 +1 @@
-#define LATEST_YEAR "2020"
+#define LATEST_YEAR "2026"

lib/compat.c

@@ -24,16 +24,24 @@
 
 static char number_separator;
 
-#ifndef HAVE_STRDUP
- char *strdup(char *s)
+char get_number_separator(void)
 {
-	int len = strlen(s) + 1;
-	char *ret = (char *)malloc(len);
-	if (ret)
-		memcpy(ret, s, len);
-	return ret;
+	if (!number_separator) {
+		char buf[32];
+		snprintf(buf, sizeof buf, "%f", 3.14);
+		if (strchr(buf, '.') != NULL)
+			number_separator = ',';
+		else
+			number_separator = '.';
+	}
+
+	return number_separator;
+}
+
+char get_decimal_point(void)
+{
+	return get_number_separator() == ',' ? '.' : ',';
 }
-#endif
 
 #ifndef HAVE_GETCWD
  char *getcwd(char *buf, int size)
@@ -155,30 +163,6 @@ int sys_gettimeofday(struct timeval *tv)
 #endif
 }
 
-#define HUMANIFY(mult) \
-	do { \
-		if (num >= mult || num <= -mult) { \
-			double dnum = (double)num / mult; \
-			char units; \
-			if (num < 0) \
-				dnum = -dnum; \
-			if (dnum < mult) \
-				units = 'K'; \
-			else if ((dnum /= mult) < mult) \
-				units = 'M'; \
-			else if ((dnum /= mult) < mult) \
-				units = 'G'; \
-			else { \
-				dnum /= mult; \
-				units = 'T'; \
-			} \
-			if (num < 0) \
-				dnum = -dnum; \
-			snprintf(bufs[n], sizeof bufs[0], "%.2f%c", dnum, units); \
-			return bufs[n]; \
-		} \
-	} while (0)
-
 /* Return the int64 number as a string.  If the human_flag arg is non-zero,
  * we may output the number in K, M, G, or T units.  If we don't add a unit
  * suffix, we will append the fract string, if it is non-NULL.  We can
@@ -190,22 +174,35 @@ char *do_big_num(int64 num, int human_flag, const char *fract)
 	char *s;
 	int len, negated;
 
-	if (human_flag && !number_separator) {
-		char buf[32];
-		snprintf(buf, sizeof buf, "%f", 3.14);
-		if (strchr(buf, '.') != NULL)
-			number_separator = ',';
-		else
-			number_separator = '.';
-	}
+	if (human_flag && !number_separator)
+		(void)get_number_separator();
 
 	n = (n + 1) % (sizeof bufs / sizeof bufs[0]);
 
 	if (human_flag > 1) {
-		if (human_flag == 2)
-			HUMANIFY(1000);
-		else
-			HUMANIFY(1024);
+		int mult = human_flag == 2 ? 1000 : 1024;
+		if (num >= mult || num <= -mult) {
+			double dnum = (double)num / mult;
+			char units;
+			if (num < 0)
+				dnum = -dnum;
+			if (dnum < mult)
+				units = 'K';
+			else if ((dnum /= mult) < mult)
+				units = 'M';
+			else if ((dnum /= mult) < mult)
+				units = 'G';
+			else if ((dnum /= mult) < mult)
+				units = 'T';
+			else {
+				dnum /= mult;
+				units = 'P';
+			}
+			if (num < 0)
+				dnum = -dnum;
+			snprintf(bufs[n], sizeof bufs[0], "%.2f%c", dnum, units);
+			return bufs[n];
+		}
 	}
 
 	s = bufs[n] + sizeof bufs[0] - 1;

lib/md-defines.h

@@ -1,11 +1,28 @@
 /* Keep this simple so both C and ASM can use it */
 
+/* These allow something like CFLAGS=-DDISABLE_SHA512_DIGEST */
+#ifdef DISABLE_SHA256_DIGEST
+#undef SHA256_DIGEST_LENGTH
+#endif
+#ifdef DISABLE_SHA512_DIGEST
+#undef SHA512_DIGEST_LENGTH
+#endif
+
 #define MD4_DIGEST_LEN 16
 #define MD5_DIGEST_LEN 16
+#if defined SHA512_DIGEST_LENGTH
+#define MAX_DIGEST_LEN SHA512_DIGEST_LENGTH
+#elif defined SHA256_DIGEST_LENGTH
+#define MAX_DIGEST_LEN SHA256_DIGEST_LENGTH
+#elif defined SHA_DIGEST_LENGTH
+#define MAX_DIGEST_LEN SHA_DIGEST_LENGTH
+#else
 #define MAX_DIGEST_LEN MD5_DIGEST_LEN
+#endif
 
 #define CSUM_CHUNK 64
 
+#define CSUM_gone -1
 #define CSUM_NONE 0
 #define CSUM_MD4_ARCHAIC 1
 #define CSUM_MD4_BUSTED 2
@@ -15,3 +32,6 @@
 #define CSUM_XXH64 6
 #define CSUM_XXH3_64 7
 #define CSUM_XXH3_128 8
+#define CSUM_SHA1 9
+#define CSUM_SHA256 10
+#define CSUM_SHA512 11

lib/md5-asm-x86_64.S

@@ -27,7 +27,7 @@
 #include "config.h"
 #include "md-defines.h"
 
-#if !defined USE_OPENSSL && CSUM_CHUNK == 64
+#ifdef USE_MD5_ASM /* { */
 
 #ifdef __APPLE__
 #define md5_process_asm _md5_process_asm
@@ -698,4 +698,4 @@ md5_process_asm:
 	pop	%rbp
 	ret
 
-#endif /* !USE_OPENSSL ... */
+#endif /* } USE_MD5_ASM */

lib/md5.c

@@ -2,7 +2,7 @@
  * RFC 1321 compliant MD5 implementation
  *
  * Copyright (C) 2001-2003 Christophe Devine
- * Copyright (C) 2007-2020 Wayne Davison
+ * Copyright (C) 2007-2022 Wayne Davison
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by
@@ -20,7 +20,6 @@
 
 #include "rsync.h"
 
-#ifndef USE_OPENSSL
 void md5_begin(md_context *ctx)
 {
 	ctx->A = 0x67452301;
@@ -148,7 +147,10 @@ static void md5_process(md_context *ctx, const uchar data[CSUM_CHUNK])
 	ctx->D += D;
 }
 
-#if defined HAVE_ASM && CSUM_CHUNK == 64
+#ifdef USE_MD5_ASM
+#if CSUM_CHUNK != 64
+#error The MD5 ASM code does not support CSUM_CHUNK != 64
+#endif
 extern void md5_process_asm(md_context *ctx, const void *data, size_t num);
 #endif
 
@@ -176,26 +178,26 @@ void md5_update(md_context *ctx, const uchar *input, uint32 length)
 		left = 0;
 	}
 
-#if defined HAVE_ASM && CSUM_CHUNK == 64
+#ifdef USE_MD5_ASM /* { */
 	if (length >= CSUM_CHUNK) {
 		uint32 chunks = length / CSUM_CHUNK;
 		md5_process_asm(ctx, input, chunks);
 		length -= chunks * CSUM_CHUNK;
 		input += chunks * CSUM_CHUNK;
 	}
-#else
+#else /* } { */
 	while (length >= CSUM_CHUNK) {
 		md5_process(ctx, input);
 		length -= CSUM_CHUNK;
 		input  += CSUM_CHUNK;
 	}
-#endif
+#endif /* } */
 
 	if (length)
 		memcpy(ctx->buffer + left, input, length);
 }
 
-static uchar md5_padding[CSUM_CHUNK] = { 0x80 };
+static const uchar md5_padding[CSUM_CHUNK] = { 0x80 };
 
 void md5_result(md_context *ctx, uchar digest[MD5_DIGEST_LEN])
 {
@@ -221,9 +223,8 @@ void md5_result(md_context *ctx, uchar digest[MD5_DIGEST_LEN])
 	SIVALu(digest, 8, ctx->C);
 	SIVALu(digest, 12, ctx->D);
 }
-#endif
 
-#ifdef TEST_MD5
+#ifdef TEST_MD5 /* { */
 
 void get_md5(uchar *out, const uchar *input, int n)
 {
@@ -317,4 +318,4 @@ int main(int argc, char *argv[])
 	return 0;
 }
 
-#endif
+#endif /* } */

lib/mdigest.h

@@ -1,8 +1,8 @@
 /* The include file for both the MD4 and MD5 routines. */
 
 #ifdef USE_OPENSSL
-#include "openssl/md4.h"
-#include "openssl/md5.h"
+#include <openssl/sha.h>
+#include <openssl/evp.h>
 #endif
 #include "md-defines.h"
 
@@ -17,13 +17,6 @@ void mdfour_begin(md_context *md);
 void mdfour_update(md_context *md, const uchar *in, uint32 length);
 void mdfour_result(md_context *md, uchar digest[MD4_DIGEST_LEN]);
 
-#ifndef USE_OPENSSL
-#define MD5_CTX md_context
-#define MD5_Init md5_begin
-#define MD5_Update md5_update
-#define MD5_Final(digest, cptr) md5_result(cptr, digest)
-
 void md5_begin(md_context *ctx);
 void md5_update(md_context *ctx, const uchar *input, uint32 length);
 void md5_result(md_context *ctx, uchar digest[MD5_DIGEST_LEN]);
-#endif

lib/pool_alloc.3

@@ -33,7 +33,7 @@ pool_alloc, pool_free, pool_free_old, pool_talloc, pool_tfree, pool_create, pool
 .SH SYNOPSIS
 .B #include "pool_alloc.h"
 
-\fBstruct alloc_pool *pool_create(size_t \fIsize\fB, size_t \fIquantum\fB, void (*\fIbomb\fB)(char *), int \fIflags\fB);
+\fBstruct alloc_pool *pool_create(size_t \fIsize\fB, size_t \fIquantum\fB, void (*\fIbomb\fB)(char*,char*,int), int \fIflags\fB);
 
 \fBvoid pool_destroy(struct alloc_pool *\fIpool\fB);
 

lib/pool_alloc.c

@@ -9,8 +9,7 @@ struct alloc_pool
 	size_t			size;		/* extent size		*/
 	size_t			quantum;	/* allocation quantum	*/
 	struct pool_extent	*extents;	/* top extent is "live" */
-	void			(*bomb)();	/* function to call if
-						 * malloc fails		*/
+	void			(*bomb)(const char*, const char*, int);	/* called if malloc fails */
 	int			flags;
 
 	/* statistical data */
@@ -43,15 +42,16 @@ struct align_test {
 /* Temporarily cast a void* var into a char* var when adding an offset (to
  * keep some compilers from complaining about the pointer arithmetic). */
 #define PTR_ADD(b,o)	( (void*) ((char*)(b) + (o)) )
+#define PTR_SUB(b,o)	( (void*) ((char*)(b) - (o)) )
 
 alloc_pool_t
-pool_create(size_t size, size_t quantum, void (*bomb)(const char *), int flags)
+pool_create(size_t size, size_t quantum, void (*bomb)(const char*, const char*, int), int flags)
 {
 	struct alloc_pool *pool;
 
-	if ((MINALIGN & (MINALIGN - 1)) != 0) {
+	if ((MINALIGN & (MINALIGN - 1)) != (0)) {
 		if (bomb)
-			(*bomb)("Compiler error: MINALIGN is not a power of 2\n");
+			(*bomb)("Compiler error: MINALIGN is not a power of 2", __FILE__, __LINE__);
 		return NULL;
 	}
 
@@ -101,7 +101,7 @@ pool_destroy(alloc_pool_t p)
 	for (cur = pool->extents; cur; cur = next) {
 		next = cur->next;
 		if (pool->flags & POOL_PREPEND)
-			free(PTR_ADD(cur->start, -sizeof (struct pool_extent)));
+			free(PTR_SUB(cur->start, sizeof (struct pool_extent)));
 		else {
 			free(cur->start);
 			free(cur);
@@ -169,7 +169,7 @@ pool_alloc(alloc_pool_t p, size_t len, const char *bomb_msg)
 
   bomb_out:
 	if (pool->bomb)
-		(*pool->bomb)(bomb_msg);
+		(*pool->bomb)(bomb_msg, __FILE__, __LINE__);
 	return NULL;
 }
 
@@ -236,7 +236,7 @@ pool_free(alloc_pool_t p, size_t len, void *addr)
 		if (cur->free + cur->bound >= pool->size) {
 			prev->next = cur->next;
 			if (pool->flags & POOL_PREPEND)
-				free(PTR_ADD(cur->start, -sizeof (struct pool_extent)));
+				free(PTR_SUB(cur->start, sizeof (struct pool_extent)));
 			else {
 				free(cur->start);
 				free(cur);
@@ -293,7 +293,7 @@ pool_free_old(alloc_pool_t p, void *addr)
 	while ((cur = next) != NULL) {
 		next = cur->next;
 		if (pool->flags & POOL_PREPEND)
-			free(PTR_ADD(cur->start, -sizeof (struct pool_extent)));
+			free(PTR_SUB(cur->start, sizeof (struct pool_extent)));
 		else {
 			free(cur->start);
 			free(cur);

lib/pool_alloc.h

@@ -7,7 +7,7 @@
 
 typedef void *alloc_pool_t;
 
-alloc_pool_t pool_create(size_t size, size_t quantum, void (*bomb)(const char *), int flags);
+alloc_pool_t pool_create(size_t size, size_t quantum, void (*bomb)(const char*, const char*, int), int flags);
 void pool_destroy(alloc_pool_t pool);
 void *pool_alloc(alloc_pool_t pool, size_t size, const char *bomb_msg);
 void pool_free(alloc_pool_t pool, size_t size, void *addr);

lib/snprintf.c

@@ -20,7 +20,7 @@
  * for string length.  This covers a nasty loophole.
  *
  * The other functions are there to prevent NULL pointers from
- * causing nast effects.
+ * causing nasty effects.
  *
  * More Recently:
  *  Brandon Long <blong@fiction.net> 9/15/96 for mutt 0.43

lib/sysacls.h

@@ -3,7 +3,7 @@
  * Version 2.2.x
  * Portable SMB ACL interface
  * Copyright (C) Jeremy Allison 2000
- * Copyright (C) 2007-2019 Wayne Davison
+ * Copyright (C) 2007-2022 Wayne Davison
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by
@@ -139,7 +139,9 @@ typedef struct acl *SMB_ACL_ENTRY_T;
 
 /* Based on the Solaris & UnixWare code. */
 
+#ifndef __TANDEM
 #undef GROUP
+#endif
 #include <sys/aclv.h>
 
 /* SVR4.2 ES/MP ACLs */
@@ -230,7 +232,7 @@ struct new_acl_entry{
 
 #define SMB_ACL_ENTRY_T		struct new_acl_entry*
 #define SMB_ACL_T		struct acl_entry_link*
- 
+
 #define SMB_ACL_TAG_T		unsigned short
 #define SMB_ACL_TYPE_T		int
 

lib/sysxattrs.c

@@ -2,7 +2,7 @@
  * Extended attribute support for rsync.
  *
  * Copyright (C) 2004 Red Hat, Inc.
- * Copyright (C) 2003-2019 Wayne Davison
+ * Copyright (C) 2003-2022 Wayne Davison
  * Written by Jay Fenlason.
  *
  * This program is free software; you can redistribute it and/or modify
@@ -67,7 +67,7 @@ ssize_t sys_lgetxattr(const char *path, const char *name, void *value, size_t si
 		u_int32_t offset = len;
 		size_t data_retrieved = len;
 		while (data_retrieved < size) {
-			len = getxattr(path, name, value + offset, size - data_retrieved, offset, XATTR_NOFOLLOW);
+			len = getxattr(path, name, (char*)value + offset, size - data_retrieved, offset, XATTR_NOFOLLOW);
 			if (len <= 0)
 				break;
 			data_retrieved += len;
@@ -126,9 +126,18 @@ ssize_t sys_llistxattr(const char *path, char *list, size_t size)
 	unsigned char keylen;
 	ssize_t off, len = extattr_list_link(path, EXTATTR_NAMESPACE_USER, list, size);
 
-	if (len <= 0 || (size_t)len > size)
+	if (len <= 0 || size == 0)
 		return len;
 
+	if ((size_t)len >= size) {
+		/* FreeBSD extattr_list_xx() returns 'size' as 'len' in case there are                                                              
+                   more data available, truncating the output, we solve this by signalling                                                          
+                   ERANGE in case len == size so that the code in xattrs.c will retry with                                                          
+                   a bigger buffer */
+		errno = ERANGE;
+		return -1;
+	}
+
 	/* FreeBSD puts a single-byte length before each string, with no '\0'
 	 * terminator.  We need to change this into a series of null-terminted
 	 * strings.  Since the size is the same, we can simply transform the
@@ -136,7 +145,7 @@ ssize_t sys_llistxattr(const char *path, char *list, size_t size)
 	for (off = 0; off < len; off += keylen + 1) {
 		keylen = ((unsigned char*)list)[off];
 		if (off + keylen >= len) {
-			/* Should be impossible, but kernel bugs happen! */
+			/* Should be impossible, but bugs happen! */
 			errno = EINVAL;
 			return -1;
 		}
@@ -167,7 +176,7 @@ static ssize_t read_xattr(int attrfd, void *buf, size_t buflen)
 	} else {
 		size_t bufpos;
 		for (bufpos = 0; bufpos < sb.st_size; ) {
-			ssize_t cnt = read(attrfd, buf + bufpos, sb.st_size - bufpos);
+			ssize_t cnt = read(attrfd, (char*)buf + bufpos, sb.st_size - bufpos);
 			if (cnt <= 0) {
 				if (cnt < 0 && errno == EINTR)
 					continue;
@@ -218,7 +227,7 @@ int sys_lsetxattr(const char *path, const char *name, const void *value, size_t
 		return -1;
 
 	for (bufpos = 0; bufpos < size; ) {
-		ssize_t cnt = write(attrfd, value+bufpos, size);
+		ssize_t cnt = write(attrfd, (char*)value + bufpos, size);
 		if (cnt <= 0) {
 			if (cnt < 0 && errno == EINTR)
 				continue;
@@ -274,7 +283,8 @@ ssize_t sys_llistxattr(const char *path, char *list, size_t size)
 		 && (dp->d_name[10] == 'o' || dp->d_name[10] == 'w'))
 			continue;
 
-		if ((ret += len+1) > size) {
+		ret += len + 1;
+		if ((size_t)ret > size) {
 			if (size == 0)
 				continue;
 			ret = -1;

loadparm.c

@@ -48,7 +48,6 @@
 extern item_list dparam_list;
 
 #define strequal(a, b) (strcasecmp(a, b)==0)
-#define BOOLSTR(b) ((b) ? "Yes" : "No")
 
 #ifndef LOG_DAEMON
 #define LOG_DAEMON 0
@@ -56,7 +55,7 @@ extern item_list dparam_list;
 
 /* the following are used by loadparm for option lists */
 typedef enum {
-	P_BOOL, P_BOOLREV, P_CHAR, P_INTEGER,
+	P_BOOL, P_BOOLREV, P_BOOL3, P_CHAR, P_INTEGER,
 	P_OCTAL, P_PATH, P_STRING, P_ENUM
 } parm_type;
 
@@ -66,7 +65,7 @@ typedef enum {
 
 struct enum_list {
 	int value;
-	char *name;
+	const char *name;
 };
 
 struct parm_struct {
@@ -74,7 +73,7 @@ struct parm_struct {
 	parm_type type;
 	parm_class class;
 	void *ptr;
-	struct enum_list *enum_list;
+	const struct enum_list *enum_list;
 	unsigned flags;
 };
 
@@ -87,234 +86,6 @@ struct parm_struct {
 #define LP_SNUM_OK(i) ((i) >= 0 && (i) < (int)section_list.count)
 #define SECTION_PTR(s, p) (((char*)(s)) + (ptrdiff_t)(((char*)(p))-(char*)&Vars.l))
 
-/* This structure describes global (ie., server-wide) parameters. */
-typedef struct {
-	char *bind_address;
-	char *daemon_chroot;
-	char *daemon_gid;
-	char *daemon_uid;
-	char *motd_file;
-	char *pid_file;
-	char *socket_options;
-
-	/* Each _EXP var tracks if the associated char* var has been expanded yet or not. */
-	BOOL bind_address_EXP;
-	BOOL daemon_chroot_EXP;
-	BOOL daemon_gid_EXP;
-	BOOL daemon_uid_EXP;
-	BOOL motd_file_EXP;
-	BOOL pid_file_EXP;
-	BOOL socket_options_EXP;
-
-	int listen_backlog;
-	int rsync_port;
-
-	BOOL proxy_protocol;
-} global_vars;
-
-/* This structure describes a single section.  Their order must match the
- * initializers below, which you can accomplish by keeping each sub-section
- * sorted.  (e.g. in vim, just visually select each subsection and use !sort.)
- * NOTE: the char* variables MUST all remain at the start of the struct! */
-typedef struct {
-	char *auth_users;
-	char *charset;
-	char *comment;
-	char *dont_compress;
-	char *early_exec;
-	char *exclude;
-	char *exclude_from;
-	char *filter;
-	char *gid;
-	char *hosts_allow;
-	char *hosts_deny;
-	char *include;
-	char *include_from;
-	char *incoming_chmod;
-	char *lock_file;
-	char *log_file;
-	char *log_format;
-	char *name;
-	char *outgoing_chmod;
-	char *path;
-	char *postxfer_exec;
-	char *prexfer_exec;
-	char *refuse_options;
-	char *secrets_file;
-	char *syslog_tag;
-	char *temp_dir;
-	char *uid;
-
-	/* Each _EXP var tracks if the associated char* var has been expanded yet or not. */
-	BOOL auth_users_EXP;
-	BOOL charset_EXP;
-	BOOL comment_EXP;
-	BOOL dont_compress_EXP;
-	BOOL early_exec_EXP;
-	BOOL exclude_EXP;
-	BOOL exclude_from_EXP;
-	BOOL filter_EXP;
-	BOOL gid_EXP;
-	BOOL hosts_allow_EXP;
-	BOOL hosts_deny_EXP;
-	BOOL include_EXP;
-	BOOL include_from_EXP;
-	BOOL incoming_chmod_EXP;
-	BOOL lock_file_EXP;
-	BOOL log_file_EXP;
-	BOOL log_format_EXP;
-	BOOL name_EXP;
-	BOOL outgoing_chmod_EXP;
-	BOOL path_EXP;
-	BOOL postxfer_exec_EXP;
-	BOOL prexfer_exec_EXP;
-	BOOL refuse_options_EXP;
-	BOOL secrets_file_EXP;
-	BOOL syslog_tag_EXP;
-	BOOL temp_dir_EXP;
-	BOOL uid_EXP;
-
-	int max_connections;
-	int max_verbosity;
-	int syslog_facility;
-	int timeout;
-
-	BOOL fake_super;
-	BOOL forward_lookup;
-	BOOL ignore_errors;
-	BOOL ignore_nonreadable;
-	BOOL list;
-	BOOL munge_symlinks;
-	BOOL numeric_ids;
-	BOOL read_only;
-	BOOL reverse_lookup;
-	BOOL strict_modes;
-	BOOL transfer_logging;
-	BOOL use_chroot;
-	BOOL write_only;
-} local_vars;
-
-/* This structure describes the global variables (g) as well as the globally
- * specified values of the local variables (l), which are used when modules
- * don't specify their own values. */
-typedef struct {
-	global_vars g;
-	local_vars l;
-} all_vars;
-
-/* The application defaults for all the variables.  "Defaults" is
- * used to re-initialize "Vars" before each config-file read.
- *
- * In order to keep these sorted in the same way as the structure
- * above, use the variable name in the leading comment, including a
- * trailing ';' (to avoid a sorting problem with trailing digits). */
-static const all_vars Defaults = {
- /* ==== global_vars ==== */
- {
- /* bind_address; */		NULL,
- /* daemon_chroot; */		NULL,
- /* daemon_gid; */		NULL,
- /* daemon_uid; */		NULL,
- /* motd_file; */		NULL,
- /* pid_file; */		NULL,
- /* socket_options; */		NULL,
-
- /* bind_address_EXP; */	False,
- /* daemon_chroot_EXP; */	False,
- /* daemon_gid_EXP; */		False,
- /* daemon_uid_EXP; */		False,
- /* motd_file_EXP; */		False,
- /* pid_file_EXP; */		False,
- /* socket_options_EXP; */	False,
-
- /* listen_backlog; */		5,
- /* rsync_port; */		0,
-
- /* proxy_protocol; */		False,
- },
-
- /* ==== local_vars ==== */
- {
- /* auth_users; */		NULL,
- /* charset; */ 		NULL,
- /* comment; */ 		NULL,
- /* dont_compress; */		DEFAULT_DONT_COMPRESS,
- /* early_exec; */		NULL,
- /* exclude; */ 		NULL,
- /* exclude_from; */		NULL,
- /* filter; */			NULL,
- /* gid; */			NULL,
- /* hosts_allow; */		NULL,
- /* hosts_deny; */		NULL,
- /* include; */			NULL,
- /* include_from; */		NULL,
- /* incoming_chmod; */		NULL,
- /* lock_file; */		DEFAULT_LOCK_FILE,
- /* log_file; */		NULL,
- /* log_format; */		"%o %h [%a] %m (%u) %f %l",
- /* name; */			NULL,
- /* outgoing_chmod; */		NULL,
- /* path; */			NULL,
- /* postxfer_exec; */		NULL,
- /* prexfer_exec; */		NULL,
- /* refuse_options; */		NULL,
- /* secrets_file; */		NULL,
- /* syslog_tag; */		"rsyncd",
- /* temp_dir; */ 		NULL,
- /* uid; */			NULL,
-
- /* auth_users_EXP; */		False,
- /* charset_EXP; */		False,
- /* comment_EXP; */		False,
- /* dont_compress_EXP; */	False,
- /* early_exec_EXP; */		False,
- /* exclude_EXP; */		False,
- /* exclude_from_EXP; */	False,
- /* filter_EXP; */		False,
- /* gid_EXP; */			False,
- /* hosts_allow_EXP; */		False,
- /* hosts_deny_EXP; */		False,
- /* include_EXP; */		False,
- /* include_from_EXP; */	False,
- /* incoming_chmod_EXP; */	False,
- /* lock_file_EXP; */		False,
- /* log_file_EXP; */		False,
- /* log_format_EXP; */		False,
- /* name_EXP; */		False,
- /* outgoing_chmod_EXP; */	False,
- /* path_EXP; */		False,
- /* postxfer_exec_EXP; */	False,
- /* prexfer_exec_EXP; */	False,
- /* refuse_options_EXP; */	False,
- /* secrets_file_EXP; */	False,
- /* syslog_tag_EXP; */		False,
- /* temp_dir_EXP; */		False,
- /* uid_EXP; */			False,
-
- /* max_connections; */		0,
- /* max_verbosity; */		1,
- /* syslog_facility; */		LOG_DAEMON,
- /* timeout; */			0,
-
- /* fake_super; */		False,
- /* forward_lookup; */		True,
- /* ignore_errors; */		False,
- /* ignore_nonreadable; */	False,
- /* list; */			True,
- /* munge_symlinks; */		(BOOL)-1,
- /* numeric_ids; */		(BOOL)-1,
- /* read_only; */		True,
- /* reverse_lookup; */		True,
- /* strict_modes; */		True,
- /* transfer_logging; */	False,
- /* use_chroot; */		True,
- /* write_only; */		False,
- }
-};
-
-/* The currently configured values for all the variables. */
-static all_vars Vars;
-
 /* Stack of "Vars" values used by the &include directive. */
 static item_list Vars_stack = EMPTY_ITEM_LIST;
 
@@ -324,9 +95,7 @@ static item_list section_list = EMPTY_ITEM_LIST;
 static int iSectionIndex = -1;
 static BOOL bInGlobalSection = True;
 
-#define NUMPARAMETERS (sizeof (parm_table) / sizeof (struct parm_struct))
-
-static struct enum_list enum_facilities[] = {
+static const struct enum_list enum_syslog_facility[] = {
 #ifdef LOG_AUTH
 	{ LOG_AUTH, "auth" },
 #endif
@@ -393,95 +162,27 @@ static struct enum_list enum_facilities[] = {
 	{ -1, NULL }
 };
 
-static struct parm_struct parm_table[] =
-{
- {"address",           P_STRING, P_GLOBAL,&Vars.g.bind_address,        NULL,0},
- {"daemon chroot",     P_STRING, P_GLOBAL,&Vars.g.daemon_chroot,       NULL,0},
- {"daemon gid",        P_STRING, P_GLOBAL,&Vars.g.daemon_gid,          NULL,0},
- {"daemon uid",        P_STRING, P_GLOBAL,&Vars.g.daemon_uid,          NULL,0},
- {"listen backlog",    P_INTEGER,P_GLOBAL,&Vars.g.listen_backlog,      NULL,0},
- {"motd file",         P_STRING, P_GLOBAL,&Vars.g.motd_file,           NULL,0},
- {"pid file",          P_STRING, P_GLOBAL,&Vars.g.pid_file,            NULL,0},
- {"port",              P_INTEGER,P_GLOBAL,&Vars.g.rsync_port,          NULL,0},
- {"proxy protocol",    P_BOOL,   P_LOCAL, &Vars.g.proxy_protocol,      NULL,0},
- {"socket options",    P_STRING, P_GLOBAL,&Vars.g.socket_options,      NULL,0},
-
- {"auth users",        P_STRING, P_LOCAL, &Vars.l.auth_users,          NULL,0},
- {"charset",           P_STRING, P_LOCAL, &Vars.l.charset,             NULL,0},
- {"comment",           P_STRING, P_LOCAL, &Vars.l.comment,             NULL,0},
- {"dont compress",     P_STRING, P_LOCAL, &Vars.l.dont_compress,       NULL,0},
- {"early exec",        P_STRING, P_LOCAL, &Vars.l.early_exec,          NULL,0},
- {"exclude from",      P_STRING, P_LOCAL, &Vars.l.exclude_from,        NULL,0},
- {"exclude",           P_STRING, P_LOCAL, &Vars.l.exclude,             NULL,0},
- {"fake super",        P_BOOL,   P_LOCAL, &Vars.l.fake_super,          NULL,0},
- {"filter",            P_STRING, P_LOCAL, &Vars.l.filter,              NULL,0},
- {"forward lookup",    P_BOOL,   P_LOCAL, &Vars.l.forward_lookup,      NULL,0},
- {"gid",               P_STRING, P_LOCAL, &Vars.l.gid,                 NULL,0},
- {"hosts allow",       P_STRING, P_LOCAL, &Vars.l.hosts_allow,         NULL,0},
- {"hosts deny",        P_STRING, P_LOCAL, &Vars.l.hosts_deny,          NULL,0},
- {"ignore errors",     P_BOOL,   P_LOCAL, &Vars.l.ignore_errors,       NULL,0},
- {"ignore nonreadable",P_BOOL,   P_LOCAL, &Vars.l.ignore_nonreadable,  NULL,0},
- {"include from",      P_STRING, P_LOCAL, &Vars.l.include_from,        NULL,0},
- {"include",           P_STRING, P_LOCAL, &Vars.l.include,             NULL,0},
- {"incoming chmod",    P_STRING, P_LOCAL, &Vars.l.incoming_chmod,      NULL,0},
- {"list",              P_BOOL,   P_LOCAL, &Vars.l.list,                NULL,0},
- {"lock file",         P_STRING, P_LOCAL, &Vars.l.lock_file,           NULL,0},
- {"log file",          P_STRING, P_LOCAL, &Vars.l.log_file,            NULL,0},
- {"log format",        P_STRING, P_LOCAL, &Vars.l.log_format,          NULL,0},
- {"max connections",   P_INTEGER,P_LOCAL, &Vars.l.max_connections,     NULL,0},
- {"max verbosity",     P_INTEGER,P_LOCAL, &Vars.l.max_verbosity,       NULL,0},
- {"munge symlinks",    P_BOOL,   P_LOCAL, &Vars.l.munge_symlinks,      NULL,0},
- {"name",              P_STRING, P_LOCAL, &Vars.l.name,                NULL,0},
- {"numeric ids",       P_BOOL,   P_LOCAL, &Vars.l.numeric_ids,         NULL,0},
- {"outgoing chmod",    P_STRING, P_LOCAL, &Vars.l.outgoing_chmod,      NULL,0},
- {"path",              P_PATH,   P_LOCAL, &Vars.l.path,                NULL,0},
-#ifdef HAVE_PUTENV
- {"post-xfer exec",    P_STRING, P_LOCAL, &Vars.l.postxfer_exec,       NULL,0},
- {"pre-xfer exec",     P_STRING, P_LOCAL, &Vars.l.prexfer_exec,        NULL,0},
-#endif
- {"read only",         P_BOOL,   P_LOCAL, &Vars.l.read_only,           NULL,0},
- {"refuse options",    P_STRING, P_LOCAL, &Vars.l.refuse_options,      NULL,0},
- {"reverse lookup",    P_BOOL,   P_LOCAL, &Vars.l.reverse_lookup,      NULL,0},
- {"secrets file",      P_STRING, P_LOCAL, &Vars.l.secrets_file,        NULL,0},
- {"strict modes",      P_BOOL,   P_LOCAL, &Vars.l.strict_modes,        NULL,0},
- {"syslog facility",   P_ENUM,   P_LOCAL, &Vars.l.syslog_facility,     enum_facilities,0},
- {"syslog tag",        P_STRING, P_LOCAL, &Vars.l.syslog_tag,          NULL,0},
- {"temp dir",          P_PATH,   P_LOCAL, &Vars.l.temp_dir,            NULL,0},
- {"timeout",           P_INTEGER,P_LOCAL, &Vars.l.timeout,             NULL,0},
- {"transfer logging",  P_BOOL,   P_LOCAL, &Vars.l.transfer_logging,    NULL,0},
- {"uid",               P_STRING, P_LOCAL, &Vars.l.uid,                 NULL,0},
- {"use chroot",        P_BOOL,   P_LOCAL, &Vars.l.use_chroot,          NULL,0},
- {"write only",        P_BOOL,   P_LOCAL, &Vars.l.write_only,          NULL,0},
- {NULL,                P_BOOL,   P_NONE,  NULL,                        NULL,0}
-};
-
-/* Initialise the Default all_vars structure. */
-void reset_daemon_vars(void)
-{
-	memcpy(&Vars, &Defaults, sizeof Vars);
-}
-
 /* Expand %VAR% references.  Any unknown vars or unrecognized
  * syntax leaves the raw chars unchanged. */
-static char *expand_vars(char *str)
+static char *expand_vars(const char *str)
 {
-	char *buf, *t, *f;
+	char *buf, *t;
+	const char *f;
 	int bufsize;
 
 	if (!str || !strchr(str, '%'))
-		return str;
+		return (char *)str; /* TODO change return value to const char* at some point. */
 
 	bufsize = strlen(str) + 2048;
 	buf = new_array(char, bufsize+1); /* +1 for trailing '\0' */
 
 	for (t = buf, f = str; bufsize && *f; ) {
-		if (*f == '%' && *++f != '%') {
-			char *percent = strchr(f, '%');
-			if (percent) {
+		if (*f == '%' && isUpper(f+1)) {
+			const char *percent = strchr(f+1, '%');
+			if (percent && percent - f < bufsize) {
 				char *val;
-				*percent = '\0';
-				val = getenv(f);
-				*percent = '%';
+				strlcpy(t, f+1, percent - f);
+				val = getenv(t);
 				if (val) {
 					int len = strlcpy(t, val, bufsize+1);
 					if (len > bufsize)
@@ -492,7 +193,6 @@ static char *expand_vars(char *str)
 					continue;
 				}
 			}
-			f--;
 		}
 		*t++ = *f++;
 		bufsize--;
@@ -510,6 +210,8 @@ static char *expand_vars(char *str)
 	return buf;
 }
 
+/* Each "char* foo" has an associated "BOOL foo_EXP" that tracks if the string has been expanded yet or not. */
+
 /* NOTE: use this function and all the FN_{GLOBAL,LOCAL} ones WITHOUT a trailing semicolon! */
 #define RETURN_EXPANDED(val) {if (!val ## _EXP) {val = expand_vars(val); val ## _EXP = True;} return val ? val : "";}
 
@@ -534,65 +236,24 @@ static char *expand_vars(char *str)
 #define FN_LOCAL_INTEGER(fn_name, val) \
  int fn_name(int i) {return LP_SNUM_OK(i)? iSECTION(i).val : Vars.l.val;}
 
-FN_GLOBAL_STRING(lp_bind_address, bind_address)
-FN_GLOBAL_STRING(lp_daemon_chroot, daemon_chroot)
-FN_GLOBAL_STRING(lp_daemon_gid, daemon_gid)
-FN_GLOBAL_STRING(lp_daemon_uid, daemon_uid)
-FN_GLOBAL_STRING(lp_motd_file, motd_file)
-FN_GLOBAL_STRING(lp_pid_file, pid_file)
-FN_GLOBAL_STRING(lp_socket_options, socket_options)
+/* The following include file contains:
+ *
+ * typedef global_vars - describes global (ie., server-wide) parameters.
+ * typedef local_vars - describes a single section.
+ * typedef all_vars - a combination of global_vars & local_vars.
+ * all_vars Defaults - the default values for all the variables.
+ * all_vars Vars - the currently configured values for all the variables.
+ * struct parm_struct parm_table - the strings & variables for the parser.
+ * FN_{LOCAL,GLOBAL}_{TYPE}() definition for all the lp_var_name() accessors.
+ */
 
-FN_GLOBAL_INTEGER(lp_listen_backlog, listen_backlog)
-FN_GLOBAL_INTEGER(lp_rsync_port, rsync_port)
+#include "daemon-parm.h"
 
-FN_GLOBAL_BOOL(lp_proxy_protocol, proxy_protocol)
-
-FN_LOCAL_STRING(lp_auth_users, auth_users)
-FN_LOCAL_STRING(lp_charset, charset)
-FN_LOCAL_STRING(lp_comment, comment)
-FN_LOCAL_STRING(lp_dont_compress, dont_compress)
-FN_LOCAL_STRING(lp_early_exec, early_exec)
-FN_LOCAL_STRING(lp_exclude, exclude)
-FN_LOCAL_STRING(lp_exclude_from, exclude_from)
-FN_LOCAL_STRING(lp_filter, filter)
-FN_LOCAL_STRING(lp_gid, gid)
-FN_LOCAL_STRING(lp_hosts_allow, hosts_allow)
-FN_LOCAL_STRING(lp_hosts_deny, hosts_deny)
-FN_LOCAL_STRING(lp_include, include)
-FN_LOCAL_STRING(lp_include_from, include_from)
-FN_LOCAL_STRING(lp_incoming_chmod, incoming_chmod)
-FN_LOCAL_STRING(lp_lock_file, lock_file)
-FN_LOCAL_STRING(lp_log_file, log_file)
-FN_LOCAL_STRING(lp_log_format, log_format)
-FN_LOCAL_STRING(lp_name, name)
-FN_LOCAL_STRING(lp_outgoing_chmod, outgoing_chmod)
-FN_LOCAL_STRING(lp_path, path)
-FN_LOCAL_STRING(lp_postxfer_exec, postxfer_exec)
-FN_LOCAL_STRING(lp_prexfer_exec, prexfer_exec)
-FN_LOCAL_STRING(lp_refuse_options, refuse_options)
-FN_LOCAL_STRING(lp_secrets_file, secrets_file)
-FN_LOCAL_STRING(lp_syslog_tag, syslog_tag)
-FN_LOCAL_STRING(lp_temp_dir, temp_dir)
-FN_LOCAL_STRING(lp_uid, uid)
-
-FN_LOCAL_INTEGER(lp_max_connections, max_connections)
-FN_LOCAL_INTEGER(lp_max_verbosity, max_verbosity)
-FN_LOCAL_INTEGER(lp_syslog_facility, syslog_facility)
-FN_LOCAL_INTEGER(lp_timeout, timeout)
-
-FN_LOCAL_BOOL(lp_fake_super, fake_super)
-FN_LOCAL_BOOL(lp_forward_lookup, forward_lookup)
-FN_LOCAL_BOOL(lp_ignore_errors, ignore_errors)
-FN_LOCAL_BOOL(lp_ignore_nonreadable, ignore_nonreadable)
-FN_LOCAL_BOOL(lp_list, list)
-FN_LOCAL_BOOL(lp_munge_symlinks, munge_symlinks)
-FN_LOCAL_BOOL(lp_numeric_ids, numeric_ids)
-FN_LOCAL_BOOL(lp_read_only, read_only)
-FN_LOCAL_BOOL(lp_reverse_lookup, reverse_lookup)
-FN_LOCAL_BOOL(lp_strict_modes, strict_modes)
-FN_LOCAL_BOOL(lp_transfer_logging, transfer_logging)
-FN_LOCAL_BOOL(lp_use_chroot, use_chroot)
-FN_LOCAL_BOOL(lp_write_only, write_only)
+/* Initialise the Default all_vars structure. */
+void reset_daemon_vars(void)
+{
+	memcpy(&Vars, &Defaults, sizeof Vars);
+}
 
 /* Assign a copy of v to *s.  Handles NULL strings.  We don't worry
  * about overwriting a malloc'd string because the long-running
@@ -617,19 +278,14 @@ static void init_section(local_vars *psection)
 	copy_section(psection, &Vars.l);
 }
 
-/* Do a case-insensitive, whitespace-ignoring string compare. */
-static int strwicmp(char *psz1, char *psz2)
+/* Do a case-insensitive, whitespace-ignoring string equality check. */
+static int strwiEQ(char *psz1, char *psz2)
 {
-	/* if BOTH strings are NULL, return TRUE, if ONE is NULL return */
-	/* appropriate value. */
+	/* If one or both strings are NULL, we return equality right away. */
 	if (psz1 == psz2)
-		return 0;
-
-	if (psz1 == NULL)
-		return -1;
-
-	if (psz2 == NULL)
 		return 1;
+	if (psz1 == NULL || psz2 == NULL)
+		return 0;
 
 	/* sync the strings on first non-whitespace */
 	while (1) {
@@ -637,12 +293,14 @@ static int strwicmp(char *psz1, char *psz2)
 			psz1++;
 		while (isSpace(psz2))
 			psz2++;
-		if (toUpper(psz1) != toUpper(psz2) || *psz1 == '\0' || *psz2 == '\0')
+		if (*psz1 == '\0' || *psz2 == '\0')
+			break;
+		if (toUpper(psz1) != toUpper(psz2))
 			break;
 		psz1++;
 		psz2++;
 	}
-	return *psz1 - *psz2;
+	return *psz1 == *psz2;
 }
 
 /* Find a section by name. Otherwise works like get_section. */
@@ -651,7 +309,7 @@ static int getsectionbyname(char *name)
 	int i;
 
 	for (i = section_list.count - 1; i >= 0; i--) {
-		if (strwicmp(iSECTION(i).name, name) == 0)
+		if (strwiEQ(iSECTION(i).name, name))
 			break;
 	}
 
@@ -691,7 +349,7 @@ static int map_parameter(char *parmname)
 		return -1;
 
 	for (iIndex = 0; parm_table[iIndex].label; iIndex++) {
-		if (strwicmp(parm_table[iIndex].label, parmname) == 0)
+		if (strwiEQ(parm_table[iIndex].label, parmname))
 			return iIndex;
 	}
 
@@ -702,16 +360,14 @@ static int map_parameter(char *parmname)
 /* Set a boolean variable from the text value stored in the passed string.
  * Returns True in success, False if the passed string does not correctly
  * represent a boolean. */
-static BOOL set_boolean(BOOL *pb, char *parmvalue)
+static BOOL set_boolean(BOOL *pb, char *parmvalue, int allow_unset)
 {
-	if (strwicmp(parmvalue, "yes") == 0
-	 || strwicmp(parmvalue, "true") == 0
-	 || strwicmp(parmvalue, "1") == 0)
+	if (strwiEQ(parmvalue, "yes") || strwiEQ(parmvalue, "true") || strwiEQ(parmvalue, "1"))
 		*pb = True;
-	else if (strwicmp(parmvalue, "no") == 0
-	      || strwicmp(parmvalue, "False") == 0
-	      || strwicmp(parmvalue, "0") == 0)
+	else if (strwiEQ(parmvalue, "no") || strwiEQ(parmvalue, "false") || strwiEQ(parmvalue, "0"))
 		*pb = False;
+	else if (allow_unset && (strwiEQ(parmvalue, "unset") || strwiEQ(parmvalue, "-1")))
+		*pb = Unset;
 	else {
 		rprintf(FLOG, "Badly formed boolean in configuration file: \"%s\".\n", parmvalue);
 		return False;
@@ -760,11 +416,15 @@ static BOOL do_parameter(char *parmname, char *parmvalue)
 
 	switch (parm_table[parmnum].type) {
 	case P_BOOL:
-		set_boolean(parm_ptr, parmvalue);
+		set_boolean(parm_ptr, parmvalue, False);
+		break;
+
+	case P_BOOL3:
+		set_boolean(parm_ptr, parmvalue, True);
 		break;
 
 	case P_BOOLREV:
-		set_boolean(parm_ptr, parmvalue);
+		set_boolean(parm_ptr, parmvalue, False);
 		*(BOOL *)parm_ptr = ! *(BOOL *)parm_ptr;
 		break;
 
@@ -777,7 +437,7 @@ static BOOL do_parameter(char *parmname, char *parmvalue)
 		break;
 
 	case P_OCTAL:
-		sscanf(parmvalue, "%o", (int *)parm_ptr);
+		sscanf(parmvalue, "%o", (unsigned int *)parm_ptr);
 		break;
 
 	case P_PATH:
@@ -834,7 +494,7 @@ static BOOL do_section(char *sectionname)
 		return True;
 	}
 
-	isglobal = strwicmp(sectionname, GLOBAL_NAME) == 0;
+	isglobal = strwiEQ(sectionname, GLOBAL_NAME);
 
 	/* At the end of the global section, add any --dparam items. */
 	if (bInGlobalSection && !isglobal) {

log.c

@@ -3,7 +3,7 @@
  *
  * Copyright (C) 1998-2001 Andrew Tridgell <tridge@samba.org>
  * Copyright (C) 2000-2001 Martin Pool <mbp@samba.org>
- * Copyright (C) 2003-2020 Wayne Davison
+ * Copyright (C) 2003-2022 Wayne Davison
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by
@@ -34,10 +34,8 @@ extern int module_id;
 extern int allow_8bit_chars;
 extern int protocol_version;
 extern int always_checksum;
-extern int preserve_times;
+extern int preserve_mtimes;
 extern int msgs2stderr;
-extern int xfersum_type;
-extern int checksum_type;
 extern int stdout_format_has_i;
 extern int stdout_format_has_o_or_i;
 extern int logfile_format_has_i;
@@ -62,6 +60,8 @@ extern unsigned int module_dirlen;
 extern char sender_file_sum[MAX_DIGEST_LEN];
 extern const char undetermined_hostname[];
 
+extern struct name_num_item *xfer_sum_nni, *file_sum_nni;
+
 static int log_initialised;
 static int logfile_was_closed;
 static FILE *logfile_fp;
@@ -251,7 +251,7 @@ static void filtered_fwrite(FILE *f, const char *in_buf, int in_len, int use_isp
 void rwrite(enum logcode code, const char *buf, int len, int is_utf8)
 {
 	char trailing_CR_or_NL;
-	FILE *f = msgs2stderr ? stderr : stdout;
+	FILE *f = msgs2stderr == 1 ? stderr : stdout;
 #ifdef ICONV_OPTION
 	iconv_t ic = is_utf8 && ic_recv != (iconv_t)-1 ? ic_recv : ic_chck;
 #else
@@ -263,7 +263,7 @@ void rwrite(enum logcode code, const char *buf, int len, int is_utf8)
 	if (len < 0)
 		exit_cleanup(RERR_MESSAGEIO);
 
-	if (msgs2stderr) {
+	if (msgs2stderr == 1) {
 		/* A normal daemon can get msgs2stderr set if the socket is busted, so we
 		 * change the message destination into an FLOG message in order to try to
 		 * get some info about an abnormal-exit into the log file. An rsh daemon
@@ -327,7 +327,7 @@ void rwrite(enum logcode code, const char *buf, int len, int is_utf8)
 		exit_cleanup(RERR_MESSAGEIO);
 	}
 
-	if (am_server && !msgs2stderr) {
+	if (am_server && msgs2stderr != 1 && (msgs2stderr != 2 || f != stderr)) {
 		enum msgcode msg = (enum msgcode)code;
 		if (protocol_version < 30) {
 			if (msg == MSG_ERROR)
@@ -350,8 +350,7 @@ void rwrite(enum logcode code, const char *buf, int len, int is_utf8)
 		output_needs_newline = 0;
 	}
 
-	trailing_CR_or_NL = len && (buf[len-1] == '\n' || buf[len-1] == '\r')
-			  ? buf[--len] : 0;
+	trailing_CR_or_NL = len && (buf[len-1] == '\n' || buf[len-1] == '\r') ? buf[--len] : '\0';
 
 	if (len && buf[0] == '\r') {
 		fputc('\r', f);
@@ -372,7 +371,12 @@ void rwrite(enum logcode code, const char *buf, int len, int is_utf8)
 			iconvbufs(ic, &inbuf, &outbuf, inbuf.pos ? 0 : ICB_INIT);
 			ierrno = errno;
 			if (outbuf.len) {
-				filtered_fwrite(f, convbuf, outbuf.len, 0, 0);
+				char trailing = inbuf.len ? '\0' : trailing_CR_or_NL;
+				filtered_fwrite(f, convbuf, outbuf.len, 0, trailing);
+				if (trailing) {
+					trailing_CR_or_NL = '\0';
+					fflush(f);
+				}
 				outbuf.len = 0;
 			}
 			/* Log one byte of illegal/incomplete sequence and continue with
@@ -452,11 +456,17 @@ void rsyserr(enum logcode code, int errcode, const char *format, ...)
 	char buf[BIGPATHBUFLEN];
 	size_t len;
 
+	/* snprintf returns the would-have-been length on truncation, so
+	 * each cumulative call must be guarded; if not, sizeof buf - len
+	 * can underflow when promoted to size_t and the next call writes
+	 * past the buffer. */
 	len = snprintf(buf, sizeof buf, RSYNC_NAME ": [%s] ", who_am_i());
 
-	va_start(ap, format);
-	len += vsnprintf(buf + len, sizeof buf - len, format, ap);
-	va_end(ap);
+	if (len < sizeof buf) {
+		va_start(ap, format);
+		len += vsnprintf(buf + len, sizeof buf - len, format, ap);
+		va_end(ap);
+	}
 
 	if (len < sizeof buf) {
 		len += snprintf(buf + len, sizeof buf - len,
@@ -676,12 +686,12 @@ static void log_formatted(enum logcode code, const char *format, const char *op,
 			n = NULL;
 			if (S_ISREG(file->mode)) {
 				if (always_checksum)
-					n = sum_as_hex(checksum_type, F_SUM(file), 1);
+					n = sum_as_hex(file_sum_nni->num, F_SUM(file), 1);
 				else if (iflags & ITEM_TRANSFER)
-					n = sum_as_hex(xfersum_type, sender_file_sum, 0);
+					n = sum_as_hex(xfer_sum_nni->num, sender_file_sum, 0);
 			}
 			if (!n) {
-				int sum_len = csum_len_for_type(always_checksum ? checksum_type : xfersum_type,
+				int sum_len = csum_len_for_type(always_checksum ? file_sum_nni->num : xfer_sum_nni->num,
 								always_checksum);
 				memset(buf2, ' ', sum_len*2);
 				buf2[sum_len*2] = '\0';
@@ -702,7 +712,7 @@ static void log_formatted(enum logcode code, const char *format, const char *op,
 				c[1] = 'L';
 				c[3] = '.';
 				c[4] = !(iflags & ITEM_REPORT_TIME) ? '.'
-				     : !preserve_times || !receiver_symlink_times
+				     : !preserve_mtimes || !receiver_symlink_times
 				    || (iflags & ITEM_REPORT_TIMEFAIL) ? 'T' : 't';
 			} else {
 				c[1] = S_ISDIR(file->mode) ? 'd'
@@ -710,14 +720,15 @@ static void log_formatted(enum logcode code, const char *format, const char *op,
 				     : IS_DEVICE(file->mode) ? 'D' : 'f';
 				c[3] = !(iflags & ITEM_REPORT_SIZE) ? '.' : 's';
 				c[4] = !(iflags & ITEM_REPORT_TIME) ? '.'
-				     : !preserve_times ? 'T' : 't';
+				     : !preserve_mtimes ? 'T' : 't';
 			}
 			c[2] = !(iflags & ITEM_REPORT_CHANGE) ? '.' : 'c';
 			c[5] = !(iflags & ITEM_REPORT_PERMS) ? '.' : 'p';
 			c[6] = !(iflags & ITEM_REPORT_OWNER) ? '.' : 'o';
 			c[7] = !(iflags & ITEM_REPORT_GROUP) ? '.' : 'g';
-			c[8] = !(iflags & ITEM_REPORT_ATIME) ? '.'
-			     : S_ISLNK(file->mode) ? 'U' : 'u';
+			c[8] = !(iflags & (ITEM_REPORT_ATIME|ITEM_REPORT_CRTIME)) ? '.'
+			     : BITS_SET(iflags, ITEM_REPORT_ATIME|ITEM_REPORT_CRTIME) ? 'b'
+			     : iflags & ITEM_REPORT_ATIME ? 'u' : 'n';
 			c[9] = !(iflags & ITEM_REPORT_ACL) ? '.' : 'a';
 			c[10] = !(iflags & ITEM_REPORT_XATTR) ? '.' : 'x';
 			c[11] = '\0';
@@ -833,14 +844,24 @@ void maybe_log_item(struct file_struct *file, int iflags, int itemizing, const c
 
 void log_delete(const char *fname, int mode)
 {
-	static struct {
-		union file_extras ex[4]; /* just in case... */
-		struct file_struct file;
-	} x; /* Zero-initialized due to static declaration. */
+	static struct file_struct *file = NULL;
 	int len = strlen(fname);
 	const char *fmt;
 
-	x.file.mode = mode;
+	if (!file) {
+		int extra_len = (file_extra_cnt + 2) * EXTRA_LEN;
+		char *bp;
+#if EXTRA_ROUNDING > 0
+		if (extra_len & (EXTRA_ROUNDING * EXTRA_LEN))
+			extra_len = (extra_len | (EXTRA_ROUNDING * EXTRA_LEN)) + EXTRA_LEN;
+#endif
+
+		bp = new_array0(char, FILE_STRUCT_LEN + extra_len + 1);
+		bp += extra_len;
+		file = (struct file_struct *)bp;
+	}
+
+	file->mode = mode;
 
 	if (am_server && protocol_version >= 29 && len < MAXPATHLEN) {
 		if (S_ISDIR(mode))
@@ -850,14 +871,14 @@ void log_delete(const char *fname, int mode)
 		;
 	else {
 		fmt = stdout_format_has_o_or_i ? stdout_format : "deleting %n";
-		log_formatted(FCLIENT, fmt, "del.", &x.file, fname, ITEM_DELETED, NULL);
+		log_formatted(FCLIENT, fmt, "del.", file, fname, ITEM_DELETED, NULL);
 	}
 
 	if (!logfile_name || dry_run || !logfile_format)
 		return;
 
 	fmt = logfile_format_has_o_or_i ? logfile_format : "deleting %n";
-	log_formatted(FLOG, fmt, "del.", &x.file, fname, ITEM_DELETED, NULL);
+	log_formatted(FLOG, fmt, "del.", file, fname, ITEM_DELETED, NULL);
 }
 
 /*
@@ -886,10 +907,10 @@ void log_exit(int code, const char *file, int line)
 		/* VANISHED is not an error, only a warning */
 		if (code == RERR_VANISHED) {
 			rprintf(FWARNING, "rsync warning: %s (code %d) at %s(%d) [%s=%s]\n",
-				name, code, file, line, who_am_i(), RSYNC_VERSION);
+				name, code, src_file(file), line, who_am_i(), rsync_version());
 		} else {
 			rprintf(FERROR, "rsync error: %s (code %d) at %s(%d) [%s=%s]\n",
-				name, code, file, line, who_am_i(), RSYNC_VERSION);
+				name, code, src_file(file), line, who_am_i(), rsync_version());
 		}
 	}
 }

m4/have_type.m4

@@ -1,6 +1,5 @@
 dnl AC_HAVE_TYPE(TYPE,INCLUDES)
 AC_DEFUN([AC_HAVE_TYPE], [
-AC_REQUIRE([AC_HEADER_STDC])
 cv=`echo "$1" | sed 'y%./+- %__p__%'`
 AC_MSG_CHECKING(for $1)
 AC_CACHE_VAL([ac_cv_type_$cv],

main.c

@@ -4,7 +4,7 @@
  * Copyright (C) 1996-2001 Andrew Tridgell <tridge@samba.org>
  * Copyright (C) 1996 Paul Mackerras
  * Copyright (C) 2001, 2002 Martin Pool <mbp@samba.org>
- * Copyright (C) 2003-2020 Wayne Davison
+ * Copyright (C) 2003-2022 Wayne Davison
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by
@@ -28,6 +28,9 @@
 #include <locale.h>
 #endif
 #include <popt.h>
+#ifdef __TANDEM
+#include <floss.h(floss_execlp)>
+#endif
 
 extern int dry_run;
 extern int list_only;
@@ -45,6 +48,7 @@ extern int called_from_signal_handler;
 extern int need_messages_from_generator;
 extern int kluge_around_eof;
 extern int got_xfer_error;
+extern int old_style_args;
 extern int msgs2stderr;
 extern int module_id;
 extern int read_only;
@@ -54,6 +58,7 @@ extern int copy_unsafe_links;
 extern int keep_dirlinks;
 extern int preserve_hard_links;
 extern int protocol_version;
+extern int mkpath_dest_arg;
 extern int file_total;
 extern int recurse;
 extern int xfer_dirs;
@@ -61,7 +66,7 @@ extern int protect_args;
 extern int relative_paths;
 extern int sanitize_paths;
 extern int curr_dir_depth;
-extern int curr_dir_len;
+extern unsigned int curr_dir_len;
 extern int module_id;
 extern int rsync_port;
 extern int whole_file;
@@ -83,6 +88,9 @@ extern BOOL shutting_down;
 extern int backup_dir_len;
 extern int basis_dir_cnt;
 extern int default_af_hint;
+extern int stdout_format_has_i;
+extern int trust_sender_filter;
+extern int trust_sender_args;
 extern struct stats stats;
 extern char *stdout_format;
 extern char *logfile_format;
@@ -93,18 +101,19 @@ extern char *shell_cmd;
 extern char *password_file;
 extern char *backup_dir;
 extern char *copy_as;
+extern char *tmpdir;
 extern char curr_dir[MAXPATHLEN];
 extern char backup_dir_buf[MAXPATHLEN];
 extern char *basis_dir[MAX_BASIS_DIRS+1];
 extern struct file_list *first_flist;
-extern filter_rule_list daemon_filter_list;
+extern filter_rule_list daemon_filter_list, implied_filter_list;
 
 uid_t our_uid;
 gid_t our_gid;
 int am_receiver = 0;  /* Only set to 1 after the receiver/generator fork. */
 int am_generator = 0; /* Only set to 1 after the receiver/generator fork. */
 int local_server = 0;
-int daemon_over_rsh = 0;
+int daemon_connection = 0; /* 0 = no daemon, 1 = daemon via remote shell, -1 = daemon via socket */
 mode_t orig_umask = 0;
 int batch_gen_fd = -1;
 int sender_keeps_checksum = 0;
@@ -230,11 +239,11 @@ void write_del_stats(int f)
 
 void read_del_stats(int f)
 {
-	stats.deleted_files = read_varint(f);
-	stats.deleted_files += stats.deleted_dirs = read_varint(f);
-	stats.deleted_files += stats.deleted_symlinks = read_varint(f);
-	stats.deleted_files += stats.deleted_devices = read_varint(f);
-	stats.deleted_files += stats.deleted_specials = read_varint(f);
+	stats.deleted_files = read_varint_bounded(f, 0, MAX_WIRE_DEL_STAT, "deleted_files");
+	stats.deleted_files += stats.deleted_dirs = read_varint_bounded(f, 0, MAX_WIRE_DEL_STAT, "deleted_dirs");
+	stats.deleted_files += stats.deleted_symlinks = read_varint_bounded(f, 0, MAX_WIRE_DEL_STAT, "deleted_symlinks");
+	stats.deleted_files += stats.deleted_devices = read_varint_bounded(f, 0, MAX_WIRE_DEL_STAT, "deleted_devices");
+	stats.deleted_files += stats.deleted_specials = read_varint_bounded(f, 0, MAX_WIRE_DEL_STAT, "deleted_specials");
 }
 
 static void become_copy_as_user()
@@ -299,7 +308,7 @@ static void become_copy_as_user()
 
 	our_uid = MY_UID();
 	our_gid = MY_GID();
-	am_root = (our_uid == 0);
+	am_root = (our_uid == ROOT_UID);
 
 	if (gname)
 		gname[-1] = ':';
@@ -377,7 +386,7 @@ static void handle_stats(int f)
 
 static void output_itemized_counts(const char *prefix, int *counts)
 {
-	static char *labels[] = { "reg", "dir", "link", "dev", "special" };
+	static char *const labels[] = { "reg", "dir", "link", "dev", "special" };
 	char buf[1024], *pre = " (";
 	int j, len = 0;
 	int total = counts[0];
@@ -385,9 +394,18 @@ static void output_itemized_counts(const char *prefix, int *counts)
 		counts[0] -= counts[1] + counts[2] + counts[3] + counts[4];
 		for (j = 0; j < 5; j++) {
 			if (counts[j]) {
+				/* snprintf can return more than its size arg
+				 * on truncation; keep len <= sizeof buf - 2 so
+				 * the closing ')' and trailing NUL always
+				 * have room and the next iteration's
+				 * sizeof buf - len - 2 cannot underflow. */
+				if (len >= (int)sizeof buf - 2)
+					break;
 				len += snprintf(buf+len, sizeof buf - len - 2,
 					"%s%s: %s",
 					pre, labels[j], comma_num(counts[j]));
+				if (len > (int)sizeof buf - 2)
+					len = (int)sizeof buf - 2;
 				pre = ", ";
 			}
 		}
@@ -461,38 +479,33 @@ static void output_summary(void)
  **/
 static void show_malloc_stats(void)
 {
-#ifdef HAVE_MALLINFO
-	struct mallinfo mi;
-
-	mi = mallinfo();
+#ifdef MEM_ALLOC_INFO
+	struct MEM_ALLOC_INFO mi = MEM_ALLOC_INFO(); /* mallinfo or mallinfo2 */
 
 	rprintf(FCLIENT, "\n");
 	rprintf(FINFO, RSYNC_NAME "[%d] (%s%s%s) heap statistics:\n",
 		(int)getpid(), am_server ? "server " : "",
 		am_daemon ? "daemon " : "", who_am_i());
-	rprintf(FINFO, "  arena:     %10ld   (bytes from sbrk)\n",
-		(long)mi.arena);
-	rprintf(FINFO, "  ordblks:   %10ld   (chunks not in use)\n",
-		(long)mi.ordblks);
-	rprintf(FINFO, "  smblks:    %10ld\n",
-		(long)mi.smblks);
-	rprintf(FINFO, "  hblks:     %10ld   (chunks from mmap)\n",
-		(long)mi.hblks);
-	rprintf(FINFO, "  hblkhd:    %10ld   (bytes from mmap)\n",
-		(long)mi.hblkhd);
-	rprintf(FINFO, "  allmem:    %10ld   (bytes from sbrk + mmap)\n",
-		(long)mi.arena + mi.hblkhd);
-	rprintf(FINFO, "  usmblks:   %10ld\n",
-		(long)mi.usmblks);
-	rprintf(FINFO, "  fsmblks:   %10ld\n",
-		(long)mi.fsmblks);
-	rprintf(FINFO, "  uordblks:  %10ld   (bytes used)\n",
-		(long)mi.uordblks);
-	rprintf(FINFO, "  fordblks:  %10ld   (bytes free)\n",
-		(long)mi.fordblks);
-	rprintf(FINFO, "  keepcost:  %10ld   (bytes in releasable chunk)\n",
-		(long)mi.keepcost);
-#endif /* HAVE_MALLINFO */
+
+#define PRINT_ALLOC_NUM(title, descr, num) \
+	rprintf(FINFO, "  %-11s%10" SIZE_T_FMT_MOD "d   (" descr ")\n", \
+		title ":", (SIZE_T_FMT_CAST)(num));
+
+	PRINT_ALLOC_NUM("arena", "bytes from sbrk", mi.arena);
+	PRINT_ALLOC_NUM("ordblks", "chunks not in use", mi.ordblks);
+	PRINT_ALLOC_NUM("smblks", "free fastbin blocks", mi.smblks);
+	PRINT_ALLOC_NUM("hblks", "chunks from mmap", mi.hblks);
+	PRINT_ALLOC_NUM("hblkhd", "bytes from mmap", mi.hblkhd);
+	PRINT_ALLOC_NUM("allmem", "bytes from sbrk + mmap", mi.arena + mi.hblkhd);
+	PRINT_ALLOC_NUM("usmblks", "always 0", mi.usmblks);
+	PRINT_ALLOC_NUM("fsmblks", "bytes in freed fastbin blocks", mi.fsmblks);
+	PRINT_ALLOC_NUM("uordblks", "bytes used", mi.uordblks);
+	PRINT_ALLOC_NUM("fordblks", "bytes free", mi.fordblks);
+	PRINT_ALLOC_NUM("keepcost", "bytes in releasable chunk", mi.keepcost);
+
+#undef PRINT_ALLOC_NUM
+
+#endif /* MEM_ALLOC_INFO */
 }
 
 
@@ -562,12 +575,12 @@ static pid_t do_cmd(char *cmd, char *machine, char *user, char **remote_argv, in
 #ifdef HAVE_REMSH
 		/* remsh (on HPUX) takes the arguments the other way around */
 		args[argc++] = machine;
-		if (user && !(daemon_over_rsh && dash_l_set)) {
+		if (user && !(daemon_connection && dash_l_set)) {
 			args[argc++] = "-l";
 			args[argc++] = user;
 		}
 #else
-		if (user && !(daemon_over_rsh && dash_l_set)) {
+		if (user && !(daemon_connection && dash_l_set)) {
 			args[argc++] = "-l";
 			args[argc++] = user;
 		}
@@ -587,7 +600,11 @@ static pid_t do_cmd(char *cmd, char *machine, char *user, char **remote_argv, in
 		if (blocking_io < 0 && (strcmp(t, "rsh") == 0 || strcmp(t, "remsh") == 0))
 			blocking_io = 1;
 
-		server_options(args, &argc);
+		if (daemon_connection > 0) {
+			args[argc++] = "--server";
+			args[argc++] = "--daemon";
+		} else
+			server_options(args, &argc);
 
 		if (argc >= MAX_ARGS - 2)
 			goto arg_overflow;
@@ -595,18 +612,14 @@ static pid_t do_cmd(char *cmd, char *machine, char *user, char **remote_argv, in
 
 	args[argc++] = ".";
 
-	if (!daemon_over_rsh) {
+	if (!daemon_connection) {
 		while (remote_argc > 0) {
 			if (argc >= MAX_ARGS - 1) {
 			  arg_overflow:
 				rprintf(FERROR, "internal: args[] overflowed in do_cmd()\n");
 				exit_cleanup(RERR_SYNTAX);
 			}
-			if (**remote_argv == '-') {
-				if (asprintf(args + argc++, "./%s", *remote_argv++) < 0)
-					out_of_memory("do_cmd");
-			} else
-				args[argc++] = *remote_argv++;
+			args[argc++] = safe_arg(NULL, *remote_argv++);
 			remote_argc--;
 		}
 	}
@@ -648,7 +661,7 @@ static pid_t do_cmd(char *cmd, char *machine, char *user, char **remote_argv, in
 #ifdef ICONV_CONST
 		setup_iconv();
 #endif
-		if (protect_args && !daemon_over_rsh)
+		if (protect_args && !daemon_connection)
 			send_protected_args(*f_out_p, args);
 	}
 
@@ -658,6 +671,16 @@ static pid_t do_cmd(char *cmd, char *machine, char *user, char **remote_argv, in
 	return pid;
 }
 
+/* Older versions turn an empty string as a reference to the current directory.
+ * We now treat this as an error unless --old-args was used. */
+static char *dot_dir_or_error()
+{
+	if (old_style_args || am_server)
+		return ".";
+	rprintf(FERROR, "Empty destination arg specified (use \".\" or see --old-args).\n");
+	exit_cleanup(RERR_SYNTAX);
+}
+
 /* The receiving side operates in one of two modes:
  *
  * 1. it receives any number of files into a destination directory,
@@ -674,7 +697,7 @@ static pid_t do_cmd(char *cmd, char *machine, char *user, char **remote_argv, in
 static char *get_local_name(struct file_list *flist, char *dest_path)
 {
 	STRUCT_STAT st;
-	int statret;
+	int statret, trailing_slash;
 	char *cp;
 
 	if (DEBUG_GTE(RECV, 1)) {
@@ -685,9 +708,8 @@ static char *get_local_name(struct file_list *flist, char *dest_path)
 	if (!dest_path || list_only)
 		return NULL;
 
-	/* Treat an empty string as a copy into the current directory. */
 	if (!*dest_path)
-		dest_path = ".";
+		dest_path = dot_dir_or_error();
 
 	if (daemon_filter_list.head) {
 		char *slash = strrchr(dest_path, '/');
@@ -707,7 +729,29 @@ static char *get_local_name(struct file_list *flist, char *dest_path)
 	}
 
 	/* See what currently exists at the destination. */
-	if ((statret = do_stat(dest_path, &st)) == 0) {
+	statret = do_stat(dest_path, &st);
+	cp = strrchr(dest_path, '/');
+	trailing_slash = cp && !cp[1];
+
+	if (mkpath_dest_arg && statret < 0 && (cp || file_total > 1)) {
+		int save_errno = errno;
+		int ret = make_path(dest_path, file_total > 1 && !trailing_slash ? 0 : MKP_DROP_NAME);
+		if (ret < 0)
+			goto mkdir_error;
+		if (ret && (INFO_GTE(NAME, 1) || stdout_format_has_i)) {
+			if (file_total == 1 || trailing_slash)
+				*cp = '\0';
+			rprintf(FINFO, "created %d director%s for %s\n", ret, ret == 1 ? "y" : "ies", dest_path);
+			if (file_total == 1 || trailing_slash)
+				*cp = '/';
+		}
+		if (ret)
+			statret = do_stat(dest_path, &st);
+		else
+			errno = save_errno;
+	}
+
+	if (statret == 0) {
 		/* If the destination is a dir, enter it and use mode 1. */
 		if (S_ISDIR(st.st_mode)) {
 			if (!change_dir(dest_path, CD_NORMAL)) {
@@ -737,15 +781,12 @@ static char *get_local_name(struct file_list *flist, char *dest_path)
 		exit_cleanup(RERR_FILESELECT);
 	}
 
-	cp = strrchr(dest_path, '/');
-
 	/* If we need a destination directory because the transfer is not
 	 * of a single non-directory or the user has requested one via a
 	 * destination path ending in a slash, create one and use mode 1. */
-	if (file_total > 1 || (cp && !cp[1])) {
-		/* Lop off the final slash (if any). */
-		if (cp && !cp[1])
-			*cp = '\0';
+	if (file_total > 1 || trailing_slash) {
+		if (trailing_slash)
+			*cp = '\0'; /* Lop off the final slash (if any). */
 
 		if (statret == 0) {
 			rprintf(FERROR, "ERROR: destination path is not a directory\n");
@@ -753,6 +794,7 @@ static char *get_local_name(struct file_list *flist, char *dest_path)
 		}
 
 		if (do_mkdir(dest_path, ACCESSPERMS) != 0) {
+		    mkdir_error:
 			rsyserr(FERROR, errno, "mkdir %s failed",
 				full_fname(dest_path));
 			exit_cleanup(RERR_FILEIO);
@@ -762,7 +804,7 @@ static char *get_local_name(struct file_list *flist, char *dest_path)
 		 && strcmp(flist->files[flist->low]->basename, ".") == 0)
 			flist->files[0]->flags |= FLAG_DIR_CREATED;
 
-		if (INFO_GTE(NAME, 1))
+		if (INFO_GTE(NAME, 1) || stdout_format_has_i)
 			rprintf(FINFO, "created directory %s\n", dest_path);
 
 		if (dry_run) {
@@ -790,7 +832,16 @@ static char *get_local_name(struct file_list *flist, char *dest_path)
 		dest_path = "/";
 
 	*cp = '\0';
-	if (!change_dir(dest_path, CD_NORMAL)) {
+	if (dry_run && mkpath_dest_arg && do_stat(dest_path, &st) < 0) {
+		/* --mkpath would have created this parent dir, but a dry run did
+		 * not, so don't chdir into it; flag the destination as not yet
+		 * present (as the dir-creation path above does) so the generator
+		 * doesn't try to compare against the missing tree (#880).  Only
+		 * the missing-parent case is touched, so an ordinary file-to-file
+		 * dry run still itemizes against an existing destination. */
+		dry_run++;
+		change_dir(dest_path, CD_SKIP_CHDIR);
+	} else if (!change_dir(dest_path, CD_NORMAL)) {
 		rsyserr(FERROR, errno, "change_dir#3 %s failed",
 			full_fname(dest_path));
 		exit_cleanup(RERR_FILESELECT);
@@ -977,6 +1028,23 @@ static int do_recv(int f_in, int f_out, char *local_name)
 			backup_dir_buf[backup_dir_len-1] = '/';
 	}
 
+	if (tmpdir) {
+		STRUCT_STAT st;
+		int ret = do_stat(tmpdir, &st);
+		if (ret < 0 || !S_ISDIR(st.st_mode)) {
+			if (ret == 0) {
+				rprintf(FERROR, "The temp-dir is not a directory: %s\n", tmpdir);
+				exit_cleanup(RERR_SYNTAX);
+			}
+			if (errno == ENOENT) {
+				rprintf(FERROR, "The temp-dir does not exist: %s\n", tmpdir);
+				exit_cleanup(RERR_SYNTAX);
+			}
+			rprintf(FERROR, "Failed to stat temp-dir %s: %s\n", tmpdir, strerror(errno));
+			exit_cleanup(RERR_FILEIO);
+		}
+	}
+
 	io_flush(FULL_FLUSH);
 
 	if ((pid = do_fork()) == -1) {
@@ -1037,6 +1105,7 @@ static int do_recv(int f_in, int f_out, char *local_name)
 	}
 
 	am_generator = 1;
+	implied_filter_list.head = implied_filter_list.tail = NULL;
 	flist_receiving_enabled = True;
 
 	io_end_multiplex_in(MPLX_SWITCHING);
@@ -1083,7 +1152,7 @@ static void do_server_recv(int f_in, int f_out, int argc, char *argv[])
 	char *local_name = NULL;
 	int negated_levels;
 
-	if (filesfrom_fd >= 0 && !msgs2stderr && protocol_version < 31) {
+	if (filesfrom_fd >= 0 && msgs2stderr != 1 && protocol_version < 31) {
 		/* We can't mix messages with files-from data on the socket,
 		 * so temporarily turn off info/debug messages. */
 		negate_output_levels();
@@ -1332,15 +1401,6 @@ int client_run(int f_in, int f_out, pid_t pid, int argc, char *argv[])
 	return MAX(exit_code, exit_code2);
 }
 
-static void dup_argv(char *argv[])
-{
-	int i;
-
-	for (i = 0; argv[i]; i++)
-		argv[i] = strdup(argv[i]);
-}
-
-
 /* Start a client for either type of remote connection.  Work out
  * whether the arguments request a remote shell or rsyncd connection,
  * and call the appropriate connection function, then run_client.
@@ -1356,10 +1416,6 @@ static int start_client(int argc, char *argv[])
 	int ret;
 	pid_t pid;
 
-	/* Don't clobber argv[] so that ps(1) can still show the right
-	 * command line. */
-	dup_argv(argv);
-
 	if (!read_batch) { /* for read_batch, NO source is specified */
 		char *path = check_for_hostspec(argv[0], &shell_machine, &rsync_port);
 		if (path) { /* source is remote */
@@ -1386,12 +1442,14 @@ static int start_client(int argc, char *argv[])
 			}
 			am_sender = 0;
 			if (rsync_port)
-				daemon_over_rsh = shell_cmd ? 1 : -1;
+				daemon_connection = shell_cmd ? 1 : -1;
 		} else { /* source is local, check dest arg */
 			am_sender = 1;
 
 			if (argc > 1) {
 				p = argv[--argc];
+				if (!*p)
+					p = dot_dir_or_error();
 				remote_argv = argv + argc;
 			} else {
 				static char *dotarg[1] = { "." };
@@ -1418,7 +1476,7 @@ static int start_client(int argc, char *argv[])
 			} else { /* hostspec was found, so dest is remote */
 				argv[argc] = path;
 				if (rsync_port)
-					daemon_over_rsh = shell_cmd ? 1 : -1;
+					daemon_connection = shell_cmd ? 1 : -1;
 			}
 		}
 	} else {  /* read_batch */
@@ -1432,6 +1490,12 @@ static int start_client(int argc, char *argv[])
 		rsync_port = 0;
 	}
 
+	/* A local transfer doesn't unbackslash anything, so leave the args alone. */
+	if (local_server) {
+		old_style_args = 2;
+		trust_sender_args = trust_sender_filter = 1;
+	}
+
 	if (!rsync_port && remote_argc && !**remote_argv) /* Turn an empty arg into a dot dir. */
 		*remote_argv = ".";
 
@@ -1439,8 +1503,15 @@ static int start_client(int argc, char *argv[])
 		char *dummy_host;
 		int dummy_port = rsync_port;
 		int i;
+		if (!argv[0][0])
+			goto invalid_empty;
 		/* For local source, extra source args must not have hostspec. */
 		for (i = 1; i < argc; i++) {
+			if (!argv[i][0]) {
+			    invalid_empty:
+				rprintf(FERROR, "Empty source arg specified.\n");
+				exit_cleanup(RERR_SYNTAX);
+			}
 			if (check_for_hostspec(argv[i], &dummy_host, &dummy_port)) {
 				rprintf(FERROR, "Unexpected remote arg: %s\n", argv[i]);
 				exit_cleanup(RERR_SYNTAX);
@@ -1450,6 +1521,8 @@ static int start_client(int argc, char *argv[])
 		char *dummy_host;
 		int dummy_port = rsync_port;
 		int i;
+		if (filesfrom_fd < 0)
+			add_implied_include(remote_argv[0], daemon_connection);
 		/* For remote source, any extra source args must have either
 		 * the same hostname or an empty hostname. */
 		for (i = 1; i < remote_argc; i++) {
@@ -1473,6 +1546,7 @@ static int start_client(int argc, char *argv[])
 			if (!rsync_port && !*arg) /* Turn an empty arg into a dot dir. */
 				arg = ".";
 			remote_argv[i] = arg;
+			add_implied_include(arg, daemon_connection);
 		}
 	}
 
@@ -1481,10 +1555,10 @@ static int start_client(int argc, char *argv[])
 	else
 		env_port = rsync_port;
 
-	if (daemon_over_rsh < 0)
+	if (daemon_connection < 0)
 		return start_socket_client(shell_machine, remote_argc, remote_argv, argc, argv);
 
-	if (password_file && !daemon_over_rsh) {
+	if (password_file && !daemon_connection) {
 		rprintf(FERROR, "The --password-file option may only be "
 				"used when accessing an rsync daemon.\n");
 		exit_cleanup(RERR_SYNTAX);
@@ -1503,6 +1577,10 @@ static int start_client(int argc, char *argv[])
 			shell_user = shell_machine;
 			shell_machine = p+1;
 		}
+		if (*shell_machine == '-') {
+			rprintf(FERROR, "Invalid remote host: hostnames may not start with '-'.\n");
+			exit_cleanup(RERR_SYNTAX);
+		}
 	}
 
 	if (DEBUG_GTE(CMD, 2)) {
@@ -1512,15 +1590,17 @@ static int start_client(int argc, char *argv[])
 	}
 
 #ifdef HAVE_PUTENV
-	if (daemon_over_rsh)
+	if (daemon_connection)
 		set_env_num("RSYNC_PORT", env_port);
+#else
+	(void)env_port;
 #endif
 
 	pid = do_cmd(shell_cmd, shell_machine, shell_user, remote_argv, remote_argc, &f_in, &f_out);
 
 	/* if we're running an rsync server on the remote host over a
 	 * remote shell command, we need to do the RSYNCD protocol first */
-	if (daemon_over_rsh) {
+	if (daemon_connection) {
 		int tmpret;
 		tmpret = start_inband_exchange(f_in, f_out, shell_user, remote_argc, remote_argv);
 		if (tmpret < 0)
@@ -1547,16 +1627,23 @@ static void sigusr2_handler(UNUSED(int val))
 	if (!am_server)
 		output_summary();
 	close_all();
+#ifdef GCOV_COVERAGE
+	/* The receiver child is killed here via SIGUSR2 and exits with _exit(),
+	 * bypassing the gcov atexit flush; without this it writes no .gcda. */
+	{ extern void __gcov_dump(void); __gcov_dump(); }
+#endif
 	if (got_xfer_error)
 		_exit(RERR_PARTIAL);
 	_exit(0);
 }
 
+#if defined SIGINFO || defined SIGVTALRM
 static void siginfo_handler(UNUSED(int val))
 {
 	if (!am_server && !INFO_GTE(PROGRESS, 1))
 		want_progress_now = True;
 }
+#endif
 
 void remember_children(UNUSED(int val))
 {
@@ -1584,7 +1671,6 @@ void remember_children(UNUSED(int val))
 #endif
 }
 
-
 /**
  * This routine catches signals and tries to send them to gdb.
  *
@@ -1608,7 +1694,6 @@ const char *get_panic_action(void)
 	return "xterm -display :0 -T Panic -n Panic -e gdb /proc/%d/exe %d";
 }
 
-
 /**
  * Handle a fatal signal by launching a debugger, controlled by $RSYNC_PANIC_ACTION.
  *
@@ -1632,6 +1717,22 @@ static void rsync_panic_handler(UNUSED(int whatsig))
 }
 #endif
 
+static void unset_env_var(const char *var)
+{
+#ifdef HAVE_UNSETENV
+	unsetenv(var);
+#else
+#ifdef HAVE_PUTENV
+	char *mem;
+	if (asprintf(&mem, "%s=", var) < 0)
+		out_of_memory("unset_env_var");
+	putenv(mem);
+#else
+	(void)var;
+#endif
+#endif
+}
+
 
 int main(int argc,char *argv[])
 {
@@ -1667,7 +1768,22 @@ int main(int argc,char *argv[])
 	starttime = time(NULL);
 	our_uid = MY_UID();
 	our_gid = MY_GID();
-	am_root = our_uid == 0;
+	am_root = our_uid == ROOT_UID;
+
+	// DISPLAY should not be emptied unconditionally
+	if (!getenv("SSH_ASKPASS"))
+		unset_env_var("DISPLAY");
+
+#if defined USE_OPENSSL && defined SET_OPENSSL_CONF
+#define TO_STR2(x) #x
+#define TO_STR(x) TO_STR2(x)
+	/* ./configure --with-openssl-conf=/etc/ssl/openssl-rsync.cnf
+	 * defines SET_OPENSSL_CONF as that unquoted pathname. */
+	if (!getenv("OPENSSL_CONF")) /* Don't override it if it's already set. */
+		set_env_str("OPENSSL_CONF", TO_STR(SET_OPENSSL_CONF));
+#undef TO_STR
+#undef TO_STR2
+#endif
 
 	memset(&stats, 0, sizeof(stats));
 
@@ -1687,6 +1803,7 @@ int main(int argc,char *argv[])
 
 #if defined CONFIG_LOCALE && defined HAVE_SETLOCALE
 	setlocale(LC_CTYPE, "");
+	setlocale(LC_NUMERIC, "");
 #endif
 
 	if (!parse_arguments(&argc, (const char ***) &argv)) {
@@ -1737,7 +1854,7 @@ int main(int argc,char *argv[])
 	if (am_server && protect_args) {
 		char buf[MAXPATHLEN];
 		protect_args = 2;
-		read_args(STDIN_FILENO, NULL, buf, sizeof buf, 1, &argv, &argc, NULL);
+		read_args(STDIN_FILENO, NULL, buf, sizeof buf, 1, 0, &argv, &argc, NULL);
 		if (!parse_arguments(&argc, (const char ***) &argv)) {
 			option_error();
 			exit_cleanup(RERR_SYNTAX);

match.c

@@ -3,7 +3,7 @@
  *
  * Copyright (C) 1996 Andrew Tridgell
  * Copyright (C) 1996 Paul Mackerras
- * Copyright (C) 2003-2020 Wayne Davison
+ * Copyright (C) 2003-2023 Wayne Davison
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by
@@ -24,7 +24,9 @@
 
 extern int checksum_seed;
 extern int append_mode;
-extern int xfersum_type;
+
+extern struct name_num_item *xfer_sum_nni;
+extern int xfer_sum_len;
 
 int updating_basis_file;
 char sender_file_sum[MAX_DIGEST_LEN];
@@ -140,11 +142,14 @@ static void hash_search(int f,struct sum_struct *s,
 {
 	OFF_T offset, aligned_offset, end;
 	int32 k, want_i, aligned_i, backup;
-	char sum2[SUM_LENGTH];
+	char sum2[MAX_DIGEST_LEN];
 	uint32 s1, s2, sum;
 	int more;
 	schar *map;
 
+	// prevent possible memory leaks
+	memset(sum2, 0, sizeof sum2);
+
 	/* want_i is used to encourage adjacent matches, allowing the RLL
 	 * coding of the output to work more efficiently. */
 	want_i = 0;
@@ -230,7 +235,7 @@ static void hash_search(int f,struct sum_struct *s,
 				done_csum2 = 1;
 			}
 
-			if (memcmp(sum2,s->sums[i].sum2,s->s2length) != 0) {
+			if (memcmp(sum2, sum2_at(s, i), s->s2length) != 0) {
 				false_alarms++;
 				continue;
 			}
@@ -250,7 +255,7 @@ static void hash_search(int f,struct sum_struct *s,
 					if (i != aligned_i) {
 						if (sum != s->sums[aligned_i].sum1
 						 || l != s->sums[aligned_i].len
-						 || memcmp(sum2, s->sums[aligned_i].sum2, s->s2length) != 0)
+						 || memcmp(sum2, sum2_at(s, aligned_i), s->s2length) != 0)
 							goto check_want_i;
 						i = aligned_i;
 					}
@@ -269,7 +274,7 @@ static void hash_search(int f,struct sum_struct *s,
 						if (sum != s->sums[i].sum1)
 							goto check_want_i;
 						get_checksum2((char *)map, l, sum2);
-						if (memcmp(sum2, s->sums[i].sum2, s->s2length) != 0)
+						if (memcmp(sum2, sum2_at(s, i), s->s2length) != 0)
 							goto check_want_i;
 						/* OK, we have a re-alignment match.  Bump the offset
 						 * forward to the new match point. */
@@ -288,7 +293,7 @@ static void hash_search(int f,struct sum_struct *s,
 			 && (!updating_basis_file || s->sums[want_i].offset >= offset
 			  || s->sums[want_i].flags & SUMFLG_SAME_OFFSET)
 			 && sum == s->sums[want_i].sum1
-			 && memcmp(sum2, s->sums[want_i].sum2, s->s2length) == 0) {
+			 && memcmp(sum2, sum2_at(s, want_i), s->s2length) == 0) {
 				/* we've found an adjacent match - the RLL coder
 				 * will be happy */
 				i = want_i;
@@ -356,15 +361,13 @@ static void hash_search(int f,struct sum_struct *s,
  **/
 void match_sums(int f, struct sum_struct *s, struct map_struct *buf, OFF_T len)
 {
-	int sum_len;
-
 	last_match = 0;
 	false_alarms = 0;
 	hash_hits = 0;
 	matches = 0;
 	data_transfer = 0;
 
-	sum_init(xfersum_type, checksum_seed);
+	sum_init(xfer_sum_nni, checksum_seed);
 
 	if (append_mode > 0) {
 		if (append_mode == 2) {
@@ -405,22 +408,22 @@ void match_sums(int f, struct sum_struct *s, struct map_struct *buf, OFF_T len)
 		matched(f, s, buf, len, -1);
 	}
 
-	sum_len = sum_end(sender_file_sum);
+	sum_end(sender_file_sum);
 
 	/* If we had a read error, send a bad checksum.  We use all bits
 	 * off as long as the checksum doesn't happen to be that, in
 	 * which case we turn the last 0 bit into a 1. */
 	if (buf && buf->status != 0) {
 		int i;
-		for (i = 0; i < sum_len && sender_file_sum[i] == 0; i++) {}
-		memset(sender_file_sum, 0, sum_len);
-		if (i == sum_len)
+		for (i = 0; i < xfer_sum_len && sender_file_sum[i] == 0; i++) {}
+		memset(sender_file_sum, 0, xfer_sum_len);
+		if (i == xfer_sum_len)
 			sender_file_sum[i-1]++;
 	}
 
 	if (DEBUG_GTE(DELTASUM, 2))
 		rprintf(FINFO,"sending file_sum\n");
-	write_buf(f, sender_file_sum, sum_len);
+	write_buf(f, sender_file_sum, xfer_sum_len);
 
 	if (DEBUG_GTE(DELTASUM, 2)) {
 		rprintf(FINFO, "false_alarms=%d hash_hits=%d matches=%d\n",

maybe-make-man

@@ -1,25 +1,21 @@
 #!/bin/sh
 
-if [ x"$2" = x ]; then
-    echo "Usage: $0 SRC_DIR NAME.NUM.md" 1>&2
+if [ $# != 1 ]; then
+    echo "Usage: $0 NAME.NUM.md" 1>&2
     exit 1
 fi
 
-srcdir="$1"
-inname="$2"
+inname="$1"
+srcdir=`dirname "$0"`
 flagfile="$srcdir/.md2man-works"
-
-if [ ! -d "$srcdir" ]; then
-    echo "The specified SRC_DIR is not a directory: $srcdir" 1>&2
-    exit 1
-fi
+force_flagfile="$srcdir/.md2man-force"
 
 if [ ! -f "$flagfile" ]; then
     # We test our smallest manpage just to see if the python setup works.
-    if "$srcdir/md2man" --test "$srcdir/rsync-ssl.1.md" >/dev/null 2>&1; then
+    if "$srcdir/md-convert" --test "$srcdir/rsync-ssl.1.md" >/dev/null 2>&1; then
 	touch $flagfile
     else
-	outname=`echo "$inname" | sed 's/\.md$//'`
+	outname=`basename "$inname" .md`
 	if [ -f "$outname" ]; then
 	    exit 0
 	elif [ -f "$srcdir/$outname" ]; then
@@ -37,4 +33,10 @@ if [ ! -f "$flagfile" ]; then
     fi
 fi
 
-"$srcdir/md2man" "$srcdir/$inname"
+if [ -f "$force_flagfile" ]; then
+    opt='--force-link-text'
+else
+    opt=''
+fi
+
+"$srcdir/md-convert" $opt "$srcdir/$inname"

md-convert

@@ -0,0 +1,667 @@
+#!/usr/bin/env python3
+
+# This script transforms markdown files into html and (optionally) nroff. The
+# output files are written into the current directory named for the input file
+# without the .md suffix and either the .html suffix or no suffix.
+#
+# If the input .md file has a section number at the end of the name (e.g.,
+# rsync.1.md) a nroff file is also output (PROJ.NUM.md -> PROJ.NUM).
+#
+# The markdown input format has one extra extension: if a numbered list starts
+# at 0, it is turned into a description list. The dl's dt tag is taken from the
+# contents of the first tag inside the li, which is usually a p, code, or
+# strong tag.
+#
+# The cmarkgfm or commonmark lib is used to transforms the input file into
+# html.  Then, the html.parser is used as a state machine that lets us tweak
+# the html and (optionally) output nroff data based on the html tags.
+#
+# If the string @USE_GFM_PARSER@ exists in the file, the string is removed and
+# a github-flavored-markup parser is used to parse the file.
+#
+# The man-page .md files also get the vars @VERSION@, @BINDIR@, and @LIBDIR@
+# substituted.  Some of these values depend on the Makefile $(prefix) (see the
+# generated Makefile).  If the maintainer wants to build files for /usr/local
+# while creating release-ready man-page files for /usr, use the environment to
+# set RSYNC_OVERRIDE_PREFIX=/usr.
+
+# Copyright (C) 2020 - 2021 Wayne Davison
+#
+# This program is freely redistributable.
+
+import os, sys, re, argparse, subprocess, time
+from html.parser import HTMLParser
+
+VALID_PAGES = 'README INSTALL COPYING rsync.1 rrsync.1 rsync-ssl.1 rsyncd.conf.5'.split()
+
+CONSUMES_TXT = set('h1 h2 h3 p li pre'.split())
+
+HTML_START = """\
+<html><head>
+<title>%TITLE%</title>
+<meta charset="UTF-8"/>
+<link href="https://fonts.googleapis.com/css2?family=Roboto&family=Roboto+Mono&display=swap" rel="stylesheet">
+<style>
+body {
+  max-width: 50em;
+  margin: auto;
+}
+body, b, strong, u {
+  font-family: 'Roboto', sans-serif;
+}
+a.tgt { font-face: symbol; font-weight: 400; font-size: 70%; visibility: hidden; text-decoration: none; color: #ddd; padding: 0 4px; border: 0; }
+a.tgt:after { content: '🔗'; }
+a.tgt:hover { color: #444; background-color: #eaeaea; }
+h1:hover > a.tgt, h2:hover > a.tgt, h3:hover > a.tgt, dt:hover > a.tgt { visibility: visible; }
+code {
+  font-family: 'Roboto Mono', monospace;
+  font-weight: bold;
+  white-space: pre;
+}
+pre code {
+  display: block;
+  font-weight: normal;
+}
+blockquote pre code {
+  background: #f1f1f1;
+}
+dd p:first-of-type {
+  margin-block-start: 0em;
+}
+</style>
+</head><body>
+"""
+
+TABLE_STYLE = """\
+table {
+  border-color: grey;
+  border-spacing: 0;
+}
+tr {
+  border-top: 1px solid grey;
+}
+tr:nth-child(2n) {
+  background-color: #f6f8fa;
+}
+th, td {
+  border: 1px solid #dfe2e5;
+  text-align: center;
+  padding-left: 1em;
+  padding-right: 1em;
+}
+"""
+
+MAN_HTML_END = """\
+<div style="float: right"><p><i>%s</i></p></div>
+"""
+
+HTML_END = """\
+</body></html>
+"""
+
+MAN_START = r"""
+.TH "%s" "%s" "%s" "%s" "User Commands"
+.\" prefix=%s
+""".lstrip()
+
+MAN_END = """\
+"""
+
+NORM_FONT = ('\1', r"\fP")
+BOLD_FONT = ('\2', r"\fB")
+UNDR_FONT = ('\3', r"\fI")
+NBR_DASH = ('\4', r"\-")
+NBR_SPACE = ('\xa0', r"\ ")
+
+FILENAME_RE = re.compile(r'^(?P<fn>(?P<srcdir>.+/)?(?P<name>(?P<prog>[^/]+?)(\.(?P<sect>\d+))?)\.md)$')
+ASSIGNMENT_RE = re.compile(r'^(\w+)=(.+)')
+VER_RE = re.compile(r'^#define\s+RSYNC_VERSION\s+"(\d.+?)"', re.M)
+TZ_RE = re.compile(r'^#define\s+MAINTAINER_TZ_OFFSET\s+(-?\d+(\.\d+)?)', re.M)
+VAR_REF_RE = re.compile(r'\$\{(\w+)\}')
+VERSION_RE = re.compile(r' (\d[.\d]+)[, ]')
+BIN_CHARS_RE = re.compile(r'[\1-\7]+')
+LONG_OPT_DASH_RE = re.compile(r'(--\w[-\w]+)')
+SPACE_DOUBLE_DASH_RE = re.compile(r'\s--(\s)')
+NON_SPACE_SINGLE_DASH_RE = re.compile(r'(^|\W)-')
+WHITESPACE_RE = re.compile(r'\s')
+CODE_BLOCK_RE = re.compile(r'[%s]([^=%s]+)[=%s]' % (BOLD_FONT[0], NORM_FONT[0], NORM_FONT[0]))
+NBR_DASH_RE = re.compile(r'[%s]' % NBR_DASH[0])
+INVALID_TARGET_CHARS_RE = re.compile(r'[^-A-Za-z0-9._]')
+INVALID_START_CHAR_RE = re.compile(r'^([^A-Za-z0-9])')
+MANIFY_LINESTART_RE = re.compile(r"^(['.])", flags=re.M)
+
+md_parser = None
+env_subs = { }
+
+warning_count = 0
+
+def main():
+    for mdfn in args.mdfiles:
+        parse_md_file(mdfn)
+
+    if args.test:
+        print("The test was successful.")
+
+
+def parse_md_file(mdfn):
+    fi = FILENAME_RE.match(mdfn)
+    if not fi:
+        die('Failed to parse a md input file name:', mdfn)
+    fi = argparse.Namespace(**fi.groupdict())
+    fi.want_manpage = not not fi.sect
+    if fi.want_manpage:
+        fi.title = fi.prog + '(' + fi.sect + ') manpage'
+    else:
+        fi.title = fi.prog + ' for rsync'
+
+    if fi.want_manpage:
+        if not env_subs:
+            find_man_substitutions()
+        prog_ver = 'rsync ' + env_subs['VERSION']
+        if fi.prog != 'rsync':
+            prog_ver = fi.prog + ' from ' + prog_ver
+        fi.man_headings = (fi.prog, fi.sect, env_subs['date'], prog_ver, env_subs['prefix'])
+
+    with open(mdfn, 'r', encoding='utf-8') as fh:
+        txt = fh.read()
+
+    use_gfm_parser = '@USE_GFM_PARSER@' in txt
+    if use_gfm_parser:
+        txt = txt.replace('@USE_GFM_PARSER@', '')
+
+    if fi.want_manpage:
+        txt = (txt.replace('@VERSION@', env_subs['VERSION'])
+                  .replace('@BINDIR@', env_subs['bindir'])
+                  .replace('@LIBDIR@', env_subs['libdir']))
+
+    if use_gfm_parser:
+        if not gfm_parser:
+            die('Input file requires cmarkgfm parser:', mdfn)
+        fi.html_in = gfm_parser(txt)
+    else:
+        fi.html_in = md_parser(txt)
+    txt = None
+
+    TransformHtml(fi)
+
+    if args.test:
+        return
+
+    output_list = [ (fi.name + '.html', fi.html_out) ]
+    if fi.want_manpage:
+        output_list += [ (fi.name, fi.man_out) ]
+    for fn, txt in output_list:
+        if args.dest and args.dest != '.':
+            fn = os.path.join(args.dest, fn)
+        if os.path.lexists(fn):
+            os.unlink(fn)
+        print("Wrote:", fn)
+        with open(fn, 'w', encoding='utf-8') as fh:
+            fh.write(txt)
+
+
+def find_man_substitutions():
+    srcdir = os.path.dirname(sys.argv[0]) + '/'
+    mtime = 0
+
+    git_dir = srcdir + '.git'
+    if os.path.lexists(git_dir):
+        mtime = int(subprocess.check_output(['git', '--git-dir', git_dir, 'log', '-1', '--format=%at']))
+
+    # Allow "prefix" to be overridden via the environment:
+    env_subs['prefix'] = os.environ.get('RSYNC_OVERRIDE_PREFIX', None)
+
+    if args.test:
+        env_subs['VERSION'] = '1.0.0'
+        env_subs['bindir'] = '/usr/bin'
+        env_subs['libdir'] = '/usr/lib/rsync'
+        tz_offset = 0
+    else:
+        for fn in (srcdir + 'version.h', 'Makefile'):
+            try:
+                st = os.lstat(fn)
+            except OSError:
+                die('Failed to find', srcdir + fn)
+            if not mtime:
+                mtime = st.st_mtime
+
+        with open(srcdir + 'version.h', 'r', encoding='utf-8') as fh:
+            txt = fh.read()
+        m = VER_RE.search(txt)
+        env_subs['VERSION'] = m.group(1)
+        m = TZ_RE.search(txt) # the tzdata lib may not be installed, so we use a simple hour offset
+        tz_offset = float(m.group(1)) * 60 * 60
+
+        with open('Makefile', 'r', encoding='utf-8') as fh:
+            for line in fh:
+                m = ASSIGNMENT_RE.match(line)
+                if not m:
+                    continue
+                var, val = (m.group(1), m.group(2))
+                if var == 'prefix' and env_subs[var] is not None:
+                    continue
+                while VAR_REF_RE.search(val):
+                    val = VAR_REF_RE.sub(lambda m: env_subs[m.group(1)], val)
+                env_subs[var] = val
+                if var == 'srcdir':
+                    break
+
+    env_subs['date'] = time.strftime('%d %b %Y', time.gmtime(mtime + tz_offset)).lstrip('0')
+
+    if 'SOURCE_DATE_EPOCH' in os.environ:
+        env_subs['date'] = time.strftime('%d %b %Y', time.gmtime(int(os.environ.get('SOURCE_DATE_EPOCH', time.time()))))
+
+
+def html_via_commonmark(txt):
+    return commonmark.HtmlRenderer().render(commonmark.Parser().parse(txt))
+
+
+class TransformHtml(HTMLParser):
+    def __init__(self, fi):
+        HTMLParser.__init__(self, convert_charrefs=True)
+
+        self.fn = fi.fn
+
+        st = self.state = argparse.Namespace(
+                list_state = [ ],
+                p_macro = ".P\n",
+                at_first_tag_in_li = False,
+                at_first_tag_in_dd = False,
+                dt_from = None,
+                in_pre = False,
+                in_code = False,
+                html_out = [ HTML_START.replace('%TITLE%', fi.title) ],
+                man_out = [ ],
+                txt = '',
+                want_manpage = fi.want_manpage,
+                created_hashtags = set(),
+                derived_hashtags = set(),
+                referenced_hashtags = set(),
+                bad_hashtags = set(),
+                latest_targets = [ ],
+                opt_prefix = 'opt',
+                a_href = None,
+                a_href_external = False,
+                a_txt_start = None,
+                after_a_tag = False,
+                target_suf = '',
+                )
+
+        if st.want_manpage:
+            st.man_out.append(MAN_START % fi.man_headings)
+
+        if '</table>' in fi.html_in:
+            st.html_out[0] = st.html_out[0].replace('</style>', TABLE_STYLE + '</style>')
+
+        self.feed(fi.html_in)
+        fi.html_in = None
+
+        if st.want_manpage:
+            st.html_out.append(MAN_HTML_END % env_subs['date'])
+        st.html_out.append(HTML_END)
+        st.man_out.append(MAN_END)
+
+        fi.html_out = ''.join(st.html_out)
+        st.html_out = None
+
+        fi.man_out = ''.join(st.man_out)
+        st.man_out = None
+
+        for tgt, txt in st.derived_hashtags:
+            derived = txt2target(txt, tgt)
+            if derived not in st.created_hashtags:
+                txt = BIN_CHARS_RE.sub('', txt.replace(NBR_DASH[0], '-').replace(NBR_SPACE[0], ' '))
+                warn('Unknown derived hashtag link in', self.fn, 'based on:', (tgt, txt))
+
+        for bad in st.bad_hashtags:
+            if bad in st.created_hashtags:
+                warn('Missing "#" in hashtag link in', self.fn + ':', bad)
+            else:
+                warn('Unknown non-hashtag link in', self.fn + ':', bad)
+
+        for bad in st.referenced_hashtags - st.created_hashtags:
+            warn('Unknown hashtag link in', self.fn + ':', '#' + bad)
+
+    def handle_UE(self):
+        st = self.state
+        if st.txt.startswith(('.', ',', '!', '?', ';', ':')):
+            st.man_out[-1] = ".UE " + st.txt[0] + "\n"
+            st.txt = st.txt[1:]
+        st.after_a_tag = False
+
+    def handle_starttag(self, tag, attrs_list):
+        st = self.state
+        if args.debug:
+            self.output_debug('START', (tag, attrs_list))
+        if st.at_first_tag_in_li:
+            if st.list_state[-1] == 'dl':
+                st.dt_from = tag
+                if tag == 'p':
+                    tag = 'dt'
+                else:
+                    st.html_out.append('<dt>')
+            elif tag == 'p':
+                st.at_first_tag_in_dd = True # Kluge to suppress a .P at the start of an li.
+            st.at_first_tag_in_li = False
+        if tag == 'p':
+            if not st.at_first_tag_in_dd:
+                st.man_out.append(st.p_macro)
+        elif tag == 'li':
+            st.at_first_tag_in_li = True
+            lstate = st.list_state[-1]
+            if lstate == 'dl':
+                return
+            if lstate == 'o':
+                st.man_out.append(".IP o\n")
+            else:
+                st.man_out.append(".IP " + str(lstate) + ".\n")
+                st.list_state[-1] += 1
+        elif tag == 'blockquote':
+            st.man_out.append(".RS 4\n")
+        elif tag == 'pre':
+            st.in_pre = True
+            st.man_out.append(st.p_macro + ".nf\n")
+        elif tag == 'code' and not st.in_pre:
+            st.in_code = True
+            st.txt += BOLD_FONT[0]
+        elif tag == 'strong' or tag == 'b':
+            st.txt += BOLD_FONT[0]
+        elif tag == 'em' or  tag == 'i':
+            if st.want_manpage:
+                tag = 'u' # Change it into underline to be more like the manpage
+                st.txt += UNDR_FONT[0]
+        elif tag == 'ol':
+            start = 1
+            for var, val in attrs_list:
+                if var == 'start':
+                    start = int(val) # We only support integers.
+                    break
+            if st.list_state:
+                st.man_out.append(".RS\n")
+            if start == 0:
+                tag = 'dl'
+                attrs_list = [ ]
+                st.list_state.append('dl')
+            else:
+                st.list_state.append(start)
+            st.man_out.append(st.p_macro)
+            st.p_macro = ".IP\n"
+        elif tag == 'ul':
+            st.man_out.append(st.p_macro)
+            if st.list_state:
+                st.man_out.append(".RS\n")
+                st.p_macro = ".IP\n"
+            st.list_state.append('o')
+        elif tag == 'hr':
+            st.man_out.append(".l\n")
+            st.html_out.append("<hr />")
+            return
+        elif tag == 'a':
+            st.a_href = None
+            for var, val in attrs_list:
+                if var == 'href':
+                    if val.startswith(('https://', 'http://', 'mailto:', 'ftp:')):
+                        if st.after_a_tag:
+                            self.handle_UE()
+                        st.man_out.append(manify(st.txt.strip()) + "\n")
+                        st.man_out.append(".UR " + val + "\n")
+                        st.txt = ''
+                        st.a_href = val
+                        st.a_href_external = True
+                    elif '#' in val:
+                        pg, tgt = val.split('#', 1)
+                        if pg and pg not in VALID_PAGES or '#' in tgt:
+                            st.bad_hashtags.add(val)
+                        elif tgt in ('', 'opt', 'dopt'):
+                            st.a_href = val
+                            st.a_href_external = False
+                        elif pg == '':
+                            st.referenced_hashtags.add(tgt)
+                            if tgt in st.latest_targets:
+                                warn('Found link to the current section in', self.fn + ':', val)
+                    elif val not in VALID_PAGES:
+                        st.bad_hashtags.add(val)
+            st.a_txt_start = len(st.txt)
+        st.html_out.append('<' + tag + ''.join(' ' + var + '="' + htmlify(val) + '"' for var, val in attrs_list) + '>')
+        st.at_first_tag_in_dd = False
+
+
+    def handle_endtag(self, tag):
+        st = self.state
+        if args.debug:
+            self.output_debug('END', (tag,))
+        if st.after_a_tag:
+            self.handle_UE()
+        if tag in CONSUMES_TXT or st.dt_from == tag:
+            txt = st.txt.strip()
+            st.txt = ''
+        else:
+            txt = None
+        add_to_txt = None
+        if tag == 'h1':
+            tgt = txt
+            target_suf = ''
+            if tgt.startswith('NEWS for '):
+                m = VERSION_RE.search(tgt)
+                if m:
+                    tgt = m.group(1)
+                    st.target_suf = '-' + tgt
+            self.add_targets(tag, tgt)
+        elif tag == 'h2':
+            st.man_out.append(st.p_macro + '.SH "' + manify(txt) + '"\n')
+            self.add_targets(tag, txt, st.target_suf)
+            st.opt_prefix = 'dopt' if txt == 'DAEMON OPTIONS' else 'opt'
+        elif tag == 'h3':
+            st.man_out.append(st.p_macro + '.SS "' + manify(txt) + '"\n')
+            self.add_targets(tag, txt, st.target_suf)
+        elif tag == 'p':
+            if st.dt_from == 'p':
+                tag = 'dt'
+                st.man_out.append('.IP "' + manify(txt) + '"\n')
+                if txt.startswith(BOLD_FONT[0]):
+                    self.add_targets(tag, txt)
+                st.dt_from = None
+            elif txt != '':
+                st.man_out.append(manify(txt) + "\n")
+        elif tag == 'li':
+            if st.list_state[-1] == 'dl':
+                if st.at_first_tag_in_li:
+                    die("Invalid 0. -> td translation")
+                tag = 'dd'
+            if txt != '':
+                st.man_out.append(manify(txt) + "\n")
+            st.at_first_tag_in_li = False
+        elif tag == 'blockquote':
+            st.man_out.append(".RE\n")
+        elif tag == 'pre':
+            st.in_pre = False
+            st.man_out.append(manify(txt) + "\n.fi\n")
+        elif (tag == 'code' and not st.in_pre):
+            st.in_code = False
+            add_to_txt = NORM_FONT[0]
+        elif tag == 'strong' or tag == 'b':
+            add_to_txt = NORM_FONT[0]
+        elif tag == 'em' or  tag == 'i':
+            if st.want_manpage:
+                tag = 'u' # Change it into underline to be more like the manpage
+                add_to_txt = NORM_FONT[0]
+        elif tag == 'ol' or tag == 'ul':
+            if st.list_state.pop() == 'dl':
+                tag = 'dl'
+            if st.list_state:
+                st.man_out.append(".RE\n")
+            else:
+                st.p_macro = ".P\n"
+            st.at_first_tag_in_dd = False
+        elif tag == 'hr':
+            return
+        elif tag == 'a':
+            if st.a_href_external:
+                st.txt = st.txt.strip()
+                if args.force_link_text or st.a_href != st.txt:
+                    st.man_out.append(manify(st.txt) + "\n")
+                st.man_out.append(".UE\n") # This might get replaced with a punctuation version in handle_UE()
+                st.after_a_tag = True
+                st.a_href_external = False
+                st.txt = ''
+            elif st.a_href:
+                atxt = st.txt[st.a_txt_start:]
+                find = 'href="' + st.a_href + '"'
+                for j in range(len(st.html_out)-1, 0, -1):
+                    if find in st.html_out[j]:
+                        pg, tgt = st.a_href.split('#', 1)
+                        derived = txt2target(atxt, tgt)
+                        if pg == '':
+                            if derived in st.latest_targets:
+                                warn('Found link to the current section in', self.fn + ':', st.a_href)
+                            st.derived_hashtags.add((tgt, atxt))
+                        st.html_out[j] = st.html_out[j].replace(find, 'href="' + pg + '#' + derived + '"')
+                        break
+                else:
+                    die('INTERNAL ERROR: failed to find href in html data:', find)
+        st.html_out.append('</' + tag + '>')
+        if add_to_txt:
+            if txt is None:
+                st.txt += add_to_txt
+            else:
+                txt += add_to_txt
+        if st.dt_from == tag:
+            st.man_out.append('.IP "' + manify(txt) + '"\n')
+            st.html_out.append('</dt><dd>')
+            st.at_first_tag_in_dd = True
+            st.dt_from = None
+        elif tag == 'dt':
+            st.html_out.append('<dd>')
+            st.at_first_tag_in_dd = True
+
+
+    def handle_data(self, txt):
+        st = self.state
+        if '](' in txt:
+            warn('Malformed link in', self.fn + ':', txt)
+        if args.debug:
+            self.output_debug('DATA', (txt,))
+        if st.in_pre:
+            html = htmlify(txt)
+        else:
+            txt = LONG_OPT_DASH_RE.sub(lambda x: x.group(1).replace('-', NBR_DASH[0]), txt)
+            txt = SPACE_DOUBLE_DASH_RE.sub(NBR_SPACE[0] + r'--\1', txt).replace('--', NBR_DASH[0]*2)
+            txt = NON_SPACE_SINGLE_DASH_RE.sub(r'\1' + NBR_DASH[0], txt)
+            html = htmlify(txt)
+            if st.in_code:
+                txt = WHITESPACE_RE.sub(NBR_SPACE[0], txt)
+                html = html.replace(NBR_DASH[0], '-').replace(NBR_SPACE[0], ' ') # <code> is non-breaking in CSS
+        st.html_out.append(html.replace(NBR_SPACE[0], '&nbsp;').replace(NBR_DASH[0], '-&#8288;'))
+        st.txt += txt
+
+
+    def add_targets(self, tag, txt, suf=None):
+        st = self.state
+        tag = '<' + tag + '>'
+        targets = CODE_BLOCK_RE.findall(txt)
+        if not targets:
+            targets = [ txt ]
+        tag_pos = 0
+        for txt in targets:
+            txt = txt2target(txt, st.opt_prefix)
+            if not txt:
+                continue
+            if suf:
+                txt += suf
+            if txt in st.created_hashtags:
+                for j in range(2, 1000):
+                    chk = txt + '-' + str(j)
+                    if chk not in st.created_hashtags:
+                        print('Made link target unique:', chk)
+                        txt = chk
+                        break
+            if tag_pos == 0:
+                tag_pos -= 1
+                while st.html_out[tag_pos] != tag:
+                    tag_pos -= 1
+                st.html_out[tag_pos] = tag[:-1] + ' id="' + txt + '">'
+                st.html_out.append('<a href="#' + txt + '" class="tgt"></a>')
+                tag_pos -= 1 # take into account the append
+            else:
+                st.html_out[tag_pos] = '<span id="' + txt + '"></span>' + st.html_out[tag_pos]
+            st.created_hashtags.add(txt)
+        st.latest_targets = targets
+
+
+    def output_debug(self, event, extra):
+        import pprint
+        st = self.state
+        if args.debug < 2:
+            st = argparse.Namespace(**vars(st))
+            if len(st.html_out) > 2:
+                st.html_out = ['...'] + st.html_out[-2:]
+            if len(st.man_out) > 2:
+                st.man_out = ['...'] + st.man_out[-2:]
+        print(event, extra)
+        pprint.PrettyPrinter(indent=2).pprint(vars(st))
+
+
+def txt2target(txt, opt_prefix):
+    txt = txt.strip().rstrip(':')
+    m = CODE_BLOCK_RE.search(txt)
+    if m:
+        txt = m.group(1)
+    txt = NBR_DASH_RE.sub('-', txt)
+    txt = BIN_CHARS_RE.sub('', txt)
+    txt = INVALID_TARGET_CHARS_RE.sub('_', txt)
+    if opt_prefix and txt.startswith('-'):
+        txt = opt_prefix + txt
+    else:
+        txt = INVALID_START_CHAR_RE.sub(r't\1', txt)
+    return txt
+
+
+def manify(txt):
+    return MANIFY_LINESTART_RE.sub(r'\&\1', txt.replace('\\', '\\\\')
+            .replace(NBR_SPACE[0], NBR_SPACE[1])
+            .replace(NBR_DASH[0], NBR_DASH[1])
+            .replace(NORM_FONT[0], NORM_FONT[1])
+            .replace(BOLD_FONT[0], BOLD_FONT[1])
+            .replace(UNDR_FONT[0], UNDR_FONT[1]))
+
+
+def htmlify(txt):
+    return txt.replace('&', '&amp;').replace('<', '&lt;').replace('>', '&gt;').replace('"', '&quot;')
+
+
+def warn(*msg):
+    print(*msg, file=sys.stderr)
+    global warning_count
+    warning_count += 1
+
+
+def die(*msg):
+    warn(*msg)
+    sys.exit(1)
+
+
+if __name__ == '__main__':
+    parser = argparse.ArgumentParser(description="Convert markdown into html and (optionally) nroff. Each input filename must have a .md suffix, which is changed to .html for the output filename. If the input filename ends with .num.md (e.g. foo.1.md) then a nroff file is also output with the input filename's .md suffix removed (e.g. foo.1).", add_help=False)
+    parser.add_argument('--test', action='store_true', help="Just test the parsing without outputting any files.")
+    parser.add_argument('--dest', metavar='DIR', help="Create files in DIR instead of the current directory.")
+    parser.add_argument('--force-link-text', action='store_true', help="Don't remove the link text if it matches the link href. Useful when nroff doesn't understand .UR and .UE.")
+    parser.add_argument('--debug', '-D', action='count', default=0, help='Output copious info on the html parsing. Repeat for even more.')
+    parser.add_argument("--help", "-h", action="help", help="Output this help message and exit.")
+    parser.add_argument("mdfiles", metavar='FILE.md', nargs='+', help="One or more .md files to convert.")
+    args = parser.parse_args()
+
+    try:
+        import cmarkgfm
+        md_parser = cmarkgfm.markdown_to_html
+        gfm_parser = cmarkgfm.github_flavored_markdown_to_html
+    except:
+        try:
+            import commonmark
+            md_parser = html_via_commonmark
+        except:
+            die("Failed to find cmarkgfm or commonmark for python3.")
+        gfm_parser = None
+
+    main()
+    if warning_count:
+        sys.exit(1)

md2man

@@ -1,387 +0,0 @@
-#!/usr/bin/env python3
-
-# This script takes a manpage written in markdown and turns it into an html web
-# page and a nroff man page.  The input file must have the name of the program
-# and the section in this format: NAME.NUM.md.  The output files are written
-# into the current directory named NAME.NUM.html and NAME.NUM.  The input
-# format has one extra extension: if a numbered list starts at 0, it is turned
-# into a description list. The dl's dt tag is taken from the contents of the
-# first tag inside the li, which is usually a p, code, or strong tag.  The
-# cmarkgfm or commonmark lib is used to transforms the input file into html.
-# The html.parser is used as a state machine that both tweaks the html and
-# outputs the nroff data based on the html tags.
-#
-# Copyright (C) 2020 Wayne Davison
-#
-# This program is freely redistributable.
-
-import sys, os, re, argparse, subprocess, time
-from html.parser import HTMLParser
-
-CONSUMES_TXT = set('h1 h2 p li pre'.split())
-
-HTML_START = """\
-<html><head>
-<title>%s</title>
-<link href="https://fonts.googleapis.com/css2?family=Roboto&family=Roboto+Mono&display=swap" rel="stylesheet">
-<style>
-body {
-  max-width: 50em;
-  margin: auto;
-}
-body, b, strong, u {
-  font-family: 'Roboto', sans-serif;
-}
-code {
-  font-family: 'Roboto Mono', monospace;
-  font-weight: bold;
-  white-space: pre;
-}
-pre code {
-  display: block;
-  font-weight: normal;
-}
-blockquote pre code {
-  background: #f1f1f1;
-}
-dd p:first-of-type {
-  margin-block-start: 0em;
-}
-</style>
-</head><body>
-"""
-
-HTML_END = """\
-<div style="float: right"><p><i>%s</i></p></div>
-</body></html>
-"""
-
-MAN_START = r"""
-.TH "%s" "%s" "%s" "%s" "User Commands"
-""".lstrip()
-
-MAN_END = """\
-"""
-
-NORM_FONT = ('\1', r"\fP")
-BOLD_FONT = ('\2', r"\fB")
-UNDR_FONT = ('\3', r"\fI")
-NBR_DASH = ('\4', r"\-")
-NBR_SPACE = ('\xa0', r"\ ")
-
-md_parser = None
-
-def main():
-    fi = re.match(r'^(?P<fn>(?P<srcdir>.+/)?(?P<name>(?P<prog>[^/]+)\.(?P<sect>\d+))\.md)$', args.mdfile)
-    if not fi:
-        die('Failed to parse NAME.NUM.md out of input file:', args.mdfile)
-    fi = argparse.Namespace(**fi.groupdict())
-
-    if not fi.srcdir:
-        fi.srcdir = './'
-
-    fi.title = fi.prog + '(' + fi.sect + ') man page'
-    fi.mtime = 0
-
-    git_dir = fi.srcdir + '.git'
-    if os.path.lexists(git_dir):
-        fi.mtime = int(subprocess.check_output(['git', '--git-dir', git_dir, 'log', '-1', '--format=%at']))
-
-    env_subs = { 'prefix': os.environ.get('RSYNC_OVERRIDE_PREFIX', None) }
-
-    if args.test:
-        env_subs['VERSION'] = '1.0.0'
-        env_subs['libdir'] = '/usr'
-    else:
-        for fn in (fi.srcdir + 'version.h', 'Makefile'):
-            try:
-                st = os.lstat(fn)
-            except:
-                die('Failed to find', fi.srcdir + fn)
-            if not fi.mtime:
-                fi.mtime = st.st_mtime
-
-        with open(fi.srcdir + 'version.h', 'r', encoding='utf-8') as fh:
-            txt = fh.read()
-        m = re.search(r'"(.+?)"', txt)
-        env_subs['VERSION'] = m.group(1)
-
-        with open('Makefile', 'r', encoding='utf-8') as fh:
-            for line in fh:
-                m = re.match(r'^(\w+)=(.+)', line)
-                if not m:
-                    continue
-                var, val = (m.group(1), m.group(2))
-                if var == 'prefix' and env_subs[var] is not None:
-                    continue
-                while re.search(r'\$\{', val):
-                    val = re.sub(r'\$\{(\w+)\}', lambda m: env_subs[m.group(1)], val)
-                env_subs[var] = val
-                if var == 'srcdir':
-                    break
-
-    with open(fi.fn, 'r', encoding='utf-8') as fh:
-        txt = fh.read()
-
-    txt = re.sub(r'@VERSION@', env_subs['VERSION'], txt)
-    txt = re.sub(r'@LIBDIR@', env_subs['libdir'], txt)
-
-    fi.html_in = md_parser(txt)
-    txt = None
-
-    fi.date = time.strftime('%d %b %Y', time.localtime(fi.mtime))
-    fi.man_headings = (fi.prog, fi.sect, fi.date, fi.prog + ' ' + env_subs['VERSION'])
-
-    HtmlToManPage(fi)
-
-    if args.test:
-        print("The test was successful.")
-        return
-
-    for fn, txt in ((fi.name + '.html', fi.html_out), (fi.name, fi.man_out)):
-        print("Wrote:", fn)
-        with open(fn, 'w', encoding='utf-8') as fh:
-            fh.write(txt)
-
-
-def html_via_cmarkgfm(txt):
-    return cmarkgfm.markdown_to_html(txt)
-
-
-def html_via_commonmark(txt):
-    return commonmark.HtmlRenderer().render(commonmark.Parser().parse(txt))
-
-
-class HtmlToManPage(HTMLParser):
-    def __init__(self, fi):
-        HTMLParser.__init__(self, convert_charrefs=True)
-
-        st = self.state = argparse.Namespace(
-                list_state = [ ],
-                p_macro = ".P\n",
-                at_first_tag_in_li = False,
-                at_first_tag_in_dd = False,
-                dt_from = None,
-                in_pre = False,
-                in_code = False,
-                html_out = [ HTML_START % fi.title ],
-                man_out = [ MAN_START % fi.man_headings ],
-                txt = '',
-                )
-
-        self.feed(fi.html_in)
-        fi.html_in = None
-
-        st.html_out.append(HTML_END % fi.date)
-        st.man_out.append(MAN_END)
-
-        fi.html_out = ''.join(st.html_out)
-        st.html_out = None
-
-        fi.man_out = ''.join(st.man_out)
-        st.man_out = None
-
-
-    def handle_starttag(self, tag, attrs_list):
-        st = self.state
-        if args.debug:
-            self.output_debug('START', (tag, attrs_list))
-        if st.at_first_tag_in_li:
-            if st.list_state[-1] == 'dl':
-                st.dt_from = tag
-                if tag == 'p':
-                    tag = 'dt'
-                else:
-                    st.html_out.append('<dt>')
-            elif tag == 'p':
-                st.at_first_tag_in_dd = True # Kluge to suppress a .P at the start of an li.
-            st.at_first_tag_in_li = False
-        if tag == 'p':
-            if not st.at_first_tag_in_dd:
-                st.man_out.append(st.p_macro)
-        elif tag == 'li':
-            st.at_first_tag_in_li = True
-            lstate = st.list_state[-1]
-            if lstate == 'dl':
-                return
-            if lstate == 'o':
-                st.man_out.append(".IP o\n")
-            else:
-                st.man_out.append(".IP " + str(lstate) + ".\n")
-                st.list_state[-1] += 1
-        elif tag == 'blockquote':
-            st.man_out.append(".RS 4\n")
-        elif tag == 'pre':
-            st.in_pre = True
-            st.man_out.append(st.p_macro + ".nf\n")
-        elif tag == 'code' and not st.in_pre:
-            st.in_code = True
-            st.txt += BOLD_FONT[0]
-        elif tag == 'strong' or tag == 'b':
-            st.txt += BOLD_FONT[0]
-        elif tag == 'em' or  tag == 'i':
-            tag = 'u' # Change it into underline to be more like the man page
-            st.txt += UNDR_FONT[0]
-        elif tag == 'ol':
-            start = 1
-            for var, val in attrs_list:
-                if var == 'start':
-                    start = int(val) # We only support integers.
-                    break
-            if st.list_state:
-                st.man_out.append(".RS\n")
-            if start == 0:
-                tag = 'dl'
-                attrs_list = [ ]
-                st.list_state.append('dl')
-            else:
-                st.list_state.append(start)
-            st.man_out.append(st.p_macro)
-            st.p_macro = ".IP\n"
-        elif tag == 'ul':
-            st.man_out.append(st.p_macro)
-            if st.list_state:
-                st.man_out.append(".RS\n")
-                st.p_macro = ".IP\n"
-            st.list_state.append('o')
-        st.html_out.append('<' + tag + ''.join(' ' + var + '="' + htmlify(val) + '"' for var, val in attrs_list) + '>')
-        st.at_first_tag_in_dd = False
-
-
-    def handle_endtag(self, tag):
-        st = self.state
-        if args.debug:
-            self.output_debug('END', (tag,))
-        if tag in CONSUMES_TXT or st.dt_from == tag:
-            txt = st.txt.strip()
-            st.txt = ''
-        else:
-            txt = None
-        add_to_txt = None
-        if tag == 'h1':
-            st.man_out.append(st.p_macro + '.SH "' + manify(txt) + '"\n')
-        elif tag == 'h2':
-            st.man_out.append(st.p_macro + '.SS "' + manify(txt) + '"\n')
-        elif tag == 'p':
-            if st.dt_from == 'p':
-                tag = 'dt'
-                st.man_out.append('.IP "' + manify(txt) + '"\n')
-                st.dt_from = None
-            elif txt != '':
-                st.man_out.append(manify(txt) + "\n")
-        elif tag == 'li':
-            if st.list_state[-1] == 'dl':
-                if st.at_first_tag_in_li:
-                    die("Invalid 0. -> td translation")
-                tag = 'dd'
-            if txt != '':
-                st.man_out.append(manify(txt) + "\n")
-            st.at_first_tag_in_li = False
-        elif tag == 'blockquote':
-            st.man_out.append(".RE\n")
-        elif tag == 'pre':
-            st.in_pre = False
-            st.man_out.append(manify(txt) + "\n.fi\n")
-        elif (tag == 'code' and not st.in_pre):
-            st.in_code = False
-            add_to_txt = NORM_FONT[0]
-        elif tag == 'strong' or tag == 'b':
-            add_to_txt = NORM_FONT[0]
-        elif tag == 'em' or  tag == 'i':
-            tag = 'u' # Change it into underline to be more like the man page
-            add_to_txt = NORM_FONT[0]
-        elif tag == 'ol' or tag == 'ul':
-            if st.list_state.pop() == 'dl':
-                tag = 'dl'
-            if st.list_state:
-                st.man_out.append(".RE\n")
-            else:
-                st.p_macro = ".P\n"
-            st.at_first_tag_in_dd = False
-        st.html_out.append('</' + tag + '>')
-        if add_to_txt:
-            if txt is None:
-                st.txt += add_to_txt
-            else:
-                txt += add_to_txt
-        if st.dt_from == tag:
-            st.man_out.append('.IP "' + manify(txt) + '"\n')
-            st.html_out.append('</dt><dd>')
-            st.at_first_tag_in_dd = True
-            st.dt_from = None
-        elif tag == 'dt':
-            st.html_out.append('<dd>')
-            st.at_first_tag_in_dd = True
-
-
-    def handle_data(self, txt):
-        st = self.state
-        if args.debug:
-            self.output_debug('DATA', (txt,))
-        if st.in_pre:
-            html = htmlify(txt)
-        else:
-            txt = re.sub(r'\s--(\s)', NBR_SPACE[0] + r'--\1', txt).replace('--', NBR_DASH[0]*2)
-            txt = re.sub(r'(^|\W)-', r'\1' + NBR_DASH[0], txt)
-            html = htmlify(txt)
-            if st.in_code:
-                txt = re.sub(r'\s', NBR_SPACE[0], txt)
-                html = html.replace(NBR_DASH[0], '-').replace(NBR_SPACE[0], ' ') # <code> is non-breaking in CSS
-        st.html_out.append(html.replace(NBR_SPACE[0], '&nbsp;').replace(NBR_DASH[0], '-&#8288;'))
-        st.txt += txt
-
-
-    def output_debug(self, event, extra):
-        import pprint
-        st = self.state
-        if args.debug < 2:
-            st = argparse.Namespace(**vars(st))
-            if len(st.html_out) > 2:
-                st.html_out = ['...'] + st.html_out[-2:]
-            if len(st.man_out) > 2:
-                st.man_out = ['...'] + st.man_out[-2:]
-        print(event, extra)
-        pprint.PrettyPrinter(indent=2).pprint(vars(st))
-
-
-def manify(txt):
-    return re.sub(r"^(['.])", r'\&\1', txt.replace('\\', '\\\\')
-            .replace(NBR_SPACE[0], NBR_SPACE[1])
-            .replace(NBR_DASH[0], NBR_DASH[1])
-            .replace(NORM_FONT[0], NORM_FONT[1])
-            .replace(BOLD_FONT[0], BOLD_FONT[1])
-            .replace(UNDR_FONT[0], UNDR_FONT[1]), flags=re.M)
-
-
-def htmlify(txt):
-    return txt.replace('&', '&amp;').replace('<', '&lt;').replace('>', '&gt;').replace('"', '&quot;')
-
-
-def warn(*msg):
-    print(*msg, file=sys.stderr)
-
-
-def die(*msg):
-    warn(*msg)
-    sys.exit(1)
-
-
-if __name__ == '__main__':
-    parser = argparse.ArgumentParser(description='Transform a NAME.NUM.md markdown file into a NAME.NUM.html web page & a NAME.NUM man page.', add_help=False)
-    parser.add_argument('--test', action='store_true', help='Test if we can parse the input w/o updating any files.')
-    parser.add_argument('--debug', '-D', action='count', default=0, help='Output copious info on the html parsing. Repeat for even more.')
-    parser.add_argument("--help", "-h", action="help", help="Output this help message and exit.")
-    parser.add_argument('mdfile', help="The NAME.NUM.md file to parse.")
-    args = parser.parse_args()
-
-    try:
-        import cmarkgfm
-        md_parser = html_via_cmarkgfm
-    except:
-        try:
-            import commonmark
-            md_parser = html_via_commonmark
-        except:
-            die("Failed to find cmarkgfm or commonmark for python3.")
-
-    main()

md2man

@@ -0,0 +1 @@
+md-convert

mkgitver

@@ -0,0 +1,22 @@
+#!/bin/sh
+
+srcdir=`dirname $0`
+
+if [ ! -f git-version.h ]; then
+    touch git-version.h
+fi
+
+if test -d "$srcdir/.git" || test -f "$srcdir/.git"; then
+    gitver=`git describe --abbrev=8 2>/dev/null`
+    # NOTE: I'm avoiding "|" in sed since I'm not sure if sed -r is portable and "\|" fails on some OSes.
+    verchk=`echo "$gitver-" | sed -n '/^v3\.[0-9][0-9]*\.[0-9][0-9]*\(pre[0-9]*\)*-/p'`
+    if [ -n "$verchk" ]; then
+	echo "#define RSYNC_GITVER \"$gitver\"" >git-version.h.new
+	if ! diff git-version.h.new git-version.h >/dev/null; then
+	    echo "Updating git-version.h"
+	    mv git-version.h.new git-version.h
+	else
+	    rm git-version.h.new
+	fi
+    fi
+fi

mkproto.awk

@@ -2,6 +2,7 @@
 
 BEGIN {
     while ((getline i < "proto.h") > 0) old_protos = old_protos ? old_protos "\n" i : i
+    close("proto.h")
     protos = "/* This file is automatically generated with \"make proto\". DO NOT EDIT */\n"
 }
 
@@ -35,5 +36,5 @@ inheader {
 
 END {
     if (old_protos != protos) print protos > "proto.h"
-    printf "" > "proto.h-tstamp"
+    system("touch proto.h-tstamp")
 }

old_versions/README.md

@@ -0,0 +1,87 @@
+# Old rsync version archive
+
+Static rsync binaries built from historical release tags. Two uses:
+
+1. **Cross-version behaviour checks** — confirming whether a behaviour a user
+   reported on an old release is version-specific or option-driven.
+2. **The version-mixing test suite** — `runtests.py --rsync-bin2=...` runs the
+   current code against one of these as the daemon / remote-shell peer; CI
+   (`.github/workflows/ubuntu-version-mix.yml`) does this for every binary
+   here against the per-version manifests in `testsuite/expect/`.
+
+Binaries are **statically linked** so they run regardless of the host's
+shared libraries, and named `rsync_<version>`:
+
+| Binary         | Version | Protocol | Notes                                   |
+|----------------|---------|----------|-----------------------------------------|
+| `rsync_2.6.0`  | 2.6.0   | 27       | 2004; needs autoconf regen (see below)  |
+| `rsync_3.0.0`  | 3.0.0   | 30       | 2008                                    |
+| `rsync_3.1.0`  | 3.1.0   | 31       | 2013                                    |
+| `rsync_3.1.3`  | 3.1.3   | 31       | Ubuntu 18.04 / Debian buster era (2018) |
+| `rsync_3.2.0`  | 3.2.0   | 31       | 2020 (zstd/lz4/xxhash negotiation added)|
+| `rsync_3.2.7`  | 3.2.7   | 31       | 2022                                    |
+| `rsync_3.3.0`  | 3.3.0   | 31       | 2024                                    |
+| `rsync_3.4.0`  | 3.4.0   | 32       | 2025                                    |
+| `rsync_3.4.1`  | 3.4.1   | 32       | 2025                                    |
+
+These are every `x.y.0` release from 2.6.0 (2004) onward plus a few point
+releases. 2.6.0 is the practical floor: older tags need progressively more
+porting to build on a current toolchain.
+
+All built `--disable-openssl` and with `_FORTIFY_SOURCE` disabled (see below);
+xxhash/zstd/lz4 are compiled in where the version supports them.
+
+## Adding a version
+
+```bash
+./build_static.sh 3.2.7            # uses git tag v3.2.7
+./build_static.sh 3.0.9 v3.0.9     # explicit tag if naming differs
+```
+
+The script checks out the tag into a throwaway `git worktree`, applies the
+minimal patches needed to compile old sources on a modern toolchain, links
+statically, verifies the result is static and reports the requested version,
+then installs `rsync_<version>` here and removes the worktree.
+
+Override the source repo with `RSYNC_REPO=/path/to/rsync ./build_static.sh ...`
+(defaults to `../rsync.4`).
+
+## Why the patches?
+
+Modern GCC (>= 14, C23 default) and glibc reject things old rsync relied on.
+`build_static.sh` handles these, each guarded so it's a no-op when not needed:
+
+1. **K&R `lseek64()` redeclaration** in `syscall.c` clashes with glibc's real
+   prototype — removed.
+2. **`gettimeofday()`** — glibc only has the 2-arg form; configure misdetects
+   the 1-arg form, so `HAVE_GETTIMEOFDAY_TZ` is forced on in `config.h`.
+3. **C23 `()` == `(void)`** breaks K&R prototypes called with arguments
+   (`qsort` comparator, `pool->bomb`, etc.) — built with `-std=gnu11`.
+4. Assorted modern `-Werror` promotions (incompatible pointer types, implicit
+   declarations) downgraded to warnings; bundled zlib/popt used to keep the
+   static link self-contained.
+
+5. **OpenSSL (3.2+)** is disabled with `--disable-openssl`: linking
+   `libcrypto.a` statically drags in jitterentropy (`jent_*`) and zlib's
+   `uncompress` (OpenSSL's COMP module), which don't resolve here. OpenSSL only
+   provided optional MD4/MD5, which rsync implements natively, so checksum
+   behaviour is unaffected.
+
+6. **`_FORTIFY_SOURCE` disabled** (`-U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=0`):
+   modern Ubuntu defaults it to `=3`, whose stricter object-size checks turn
+   latent (historically benign) over-reads in OLD rsync into hard
+   `*** buffer overflow detected ***` aborts when the binary runs as a
+   server/daemon — which made e.g. 3.1.3 and 3.2.7 unusable as peers. Disabling
+   it makes the archival binaries behave as the released versions did.
+
+7. **Pre-3.0 tags (e.g. 2.6.0)** ship `configure.in`, not a generated
+   `configure`. The script runs `autoheader`/`autoconf` to generate it, after
+   neutralizing the `AC_CHECK_FUNCS(fn,,AC_LIBOBJ(lib/...))` fallbacks for
+   `inet_ntop`/`inet_pton`/`getaddrinfo`/`getnameinfo` — modern autoconf emits
+   broken shell for those never-taken branches (the funcs exist in glibc). It
+   also generates `proto.h` (no make rule in that era) and stubs the vendored
+   `lib/addrinfo.h` the tag dropped (modern glibc supplies `struct addrinfo`).
+   All guarded so they no-op on 3.x.
+
+Newer versions may need fewer or different tweaks; if a build fails, the
+script prints the first compiler errors from its log.

old_versions/build_static.sh

@@ -0,0 +1,128 @@
+#!/bin/bash
+# Build a static rsync binary from a historical git tag, for cross-version
+# behaviour testing. Produces ./rsync_<version> in this directory.
+#
+# Usage:   ./build_static.sh <version> [git-tag]
+# Example: ./build_static.sh 3.1.3          # uses tag v3.1.3
+#          ./build_static.sh 3.2.7 v3.2.7
+#
+# Old rsync releases don't compile cleanly on a modern toolchain (GCC >= 14
+# defaults to C23, where an empty () prototype means (void); glibc dropped the
+# 1-arg gettimeofday; lseek64 K&R redeclarations clash). This script applies
+# the minimal, best-effort workarounds and links statically so the result is
+# self-contained and reproducible regardless of the host's shared libraries.
+#
+# Each workaround is guarded so it's a no-op on versions that don't need it.
+set -euo pipefail
+
+VERSION="${1:?usage: build_static.sh <version> [git-tag]}"
+TAG="${2:-v$VERSION}"
+
+ARCHIVE_DIR="$(cd "$(dirname "$0")" && pwd)"
+REPO="${RSYNC_REPO:-/home/tridge/project/rsync/rsync.4}"   # any rsync worktree
+WORKTREE="$(mktemp -d /tmp/rsync-build-XXXXXX)"
+OUT="$ARCHIVE_DIR/rsync_$VERSION"
+
+# C standard restores K&R () semantics; permissive flags downgrade the pile of
+# modern -Werror promotions (incompatible pointers, implicit decls) to warnings.
+# _FORTIFY_SOURCE is forced OFF: modern Ubuntu defaults it to =3, whose stricter
+# object-size checks turn latent (historically benign) over-reads in OLD rsync
+# into hard "*** buffer overflow detected ***" aborts when the binary acts as a
+# server/daemon. Disabling it makes these archival binaries behave the way the
+# released versions did, which is the whole point of the archive.
+CFLAGS_OLD="-I. -I./zlib -O2 -g -std=gnu11 -fcommon -DHAVE_CONFIG_H -Wno-error \
+-U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=0 \
+-Wno-incompatible-pointer-types -Wno-implicit-function-declaration -Wno-int-conversion"
+
+cleanup() {
+    cd "$REPO"
+    git worktree remove --force "$WORKTREE" 2>/dev/null || true
+    git worktree prune 2>/dev/null || true
+}
+trap cleanup EXIT
+
+echo ">>> checking out $TAG into $WORKTREE"
+# prefer an exact tag to avoid ambiguity with similarly-named branches
+REF="$TAG"
+if git -C "$REPO" rev-parse -q --verify "refs/tags/$TAG" >/dev/null; then
+    REF="refs/tags/$TAG"
+fi
+git -C "$REPO" worktree add --detach "$WORKTREE" "$REF"
+cd "$WORKTREE"
+
+# --- workaround 1: K&R lseek64 redeclaration clashes with glibc's prototype ---
+if grep -q 'off64_t lseek64();' syscall.c 2>/dev/null; then
+    echo ">>> patching syscall.c lseek64 redeclaration"
+    perl -0pi -e 's/#ifdef HAVE_LSEEK64\n#if !SIZEOF_OFF64_T\n\tOFF_T lseek64\(\);\n#else\n\toff64_t lseek64\(\);\n#endif\n\treturn lseek64/#ifdef HAVE_LSEEK64\n\treturn lseek64/' syscall.c
+fi
+
+# --- workaround 0: pre-3.0 tags ship configure.in, not a generated configure.
+# Generate it. Modern autoconf emits broken shell for their
+# AC_CHECK_FUNCS(fn,,AC_LIBOBJ(lib/...)) fallbacks -- but those branches are
+# dead on a modern host (glibc has inet_ntop/inet_pton/getaddrinfo/getnameinfo),
+# so neutralize the AC_LIBOBJ replacements before regenerating.
+OLD_TREE=0
+if [ ! -f ./configure ] && { [ -f configure.in ] || [ -f configure.ac ]; }; then
+    OLD_TREE=1
+    acsrc=configure.ac; [ -f configure.in ] && acsrc=configure.in
+    echo ">>> generating configure for an old tag (autoheader/autoconf)"
+    sed -i 's#AC_LIBOBJ(lib/[a-zA-Z_]*)#:#g' "$acsrc"
+    autoheader 2>/dev/null || true
+    autoconf 2>/dev/null || { echo "autoconf failed"; exit 1; }
+fi
+
+CONF_ARGS=(--disable-md2man --with-included-zlib=yes --with-included-popt=yes)
+# OpenSSL (3.2+) only adds optional MD4/MD5 that rsync already implements, but
+# linking libcrypto.a statically drags in jitterentropy + zlib's uncompress,
+# which aren't resolvable here. Drop it when the flag exists.
+if ./configure --help 2>/dev/null | grep -q -- '--disable-openssl'; then
+    echo ">>> disabling openssl for self-contained static link"
+    CONF_ARGS+=(--disable-openssl)
+fi
+
+echo ">>> configure (bundled zlib + popt, static-friendly)"
+./configure "${CONF_ARGS[@]}" \
+    >"$WORKTREE/conf.log" 2>&1 || { tail -20 "$WORKTREE/conf.log"; exit 1; }
+
+# --- workaround 2: modern glibc only has the 2-arg gettimeofday ---------------
+if grep -q '/\* #undef HAVE_GETTIMEOFDAY_TZ \*/' config.h; then
+    echo ">>> forcing HAVE_GETTIMEOFDAY_TZ (configure misdetects it)"
+    sed -i 's|/\* #undef HAVE_GETTIMEOFDAY_TZ \*/|#define HAVE_GETTIMEOFDAY_TZ 1|' config.h
+fi
+
+# --- workaround 4 (old trees only): generate proto.h if the tree has no make
+# rule for it, and stub a vendored lib/addrinfo.h that the git tag dropped
+# (modern glibc supplies struct addrinfo / sockaddr_storage, so empty is right).
+if [ "$OLD_TREE" = 1 ]; then
+    if [ ! -f proto.h ] && [ -f mkproto.awk ]; then
+        echo ">>> generating proto.h"
+        cat ./*.c ./lib/compat.c 2>/dev/null | awk -f ./mkproto.awk > proto.h
+    fi
+    if grep -q 'include "lib/addrinfo.h"' rsync.h 2>/dev/null && [ ! -f lib/addrinfo.h ]; then
+        echo ">>> stubbing lib/addrinfo.h"
+        echo '/* emptied: modern glibc provides struct addrinfo */' > lib/addrinfo.h
+    fi
+fi
+
+echo ">>> building (static)"
+make -j"$(nproc)" CFLAGS="$CFLAGS_OLD" LDFLAGS="-static" \
+    >"$WORKTREE/make.log" 2>&1 || { grep -E 'error:|\*\*\*' "$WORKTREE/make.log" | head; exit 1; }
+
+# verify it's actually static before we keep it
+if ldd ./rsync 2>&1 | grep -qv 'not a dynamic executable'; then
+    echo "ERROR: binary is not statically linked:" >&2
+    ldd ./rsync >&2
+    exit 1
+fi
+
+GOT="$(./rsync --version | head -1 | awk '{print $3}')"
+if [ "$GOT" != "$VERSION" ]; then
+    echo "ERROR: built version '$GOT' != requested '$VERSION'" >&2
+    exit 1
+fi
+
+cp ./rsync "$OUT"
+strip "$OUT"
+echo ">>> installed $OUT"
+"$OUT" --version | head -1
+file "$OUT"

packaging/auto-Makefile

@@ -1,8 +1,12 @@
-TARGETS := all install install-ssl-daemon install-all install-strip conf gen gensend reconfigure restatus \
-	proto man clean cleantests distclean test check check29 check30 installcheck splint doxygen doxygen-upload
+TARGETS := all install install-ssl-daemon install-all install-strip uninstall uninstall-ssl-daemon uninstall-all conf gen reconfigure restatus \
+	proto man clean cleantests distclean test check check29 check30 installcheck splint \
+	doxygen doxygen-upload finddead rrsync
 
-.PHONY: $(TARGETS)
+.PHONY: $(TARGETS) auto-prep
 
-$(TARGETS):
-	@if test x`packaging/prep-auto-dir` = x; then echo "auto-build-save is not setup"; exit 1; fi
+$(TARGETS): auto-prep
 	make -C build $@
+
+auto-prep:
+	@if test x`packaging/prep-auto-dir` = x; then echo "auto-build-save is not setup"; exit 1; fi
+	@echo 'Build branch: '`readlink build/.branch | tr % /`

packaging/branch-from-patch

@@ -1,174 +0,0 @@
-#!/usr/bin/env -S python3 -B
-
-# This script turns one or more diff files in the patches dir (which is
-# expected to be a checkout of the rsync-patches git repo) into a branch
-# in the main rsync git checkout. This allows the applied patch to be
-# merged with the latest rsync changes and tested.  To update the diff
-# with the resulting changes, see the patch-update script.
-
-import os, sys, re, argparse, glob
-
-sys.path = ['packaging'] + sys.path
-
-from pkglib import *
-
-def main():
-    global created, info, local_branch
-
-    cur_branch, args.base_branch = check_git_state(args.base_branch, not args.skip_check, args.patches_dir)
-
-    local_branch = get_patch_branches(args.base_branch)
-
-    if args.delete_local_branches:
-        for name in sorted(local_branch):
-            branch = f"patch/{args.base_branch}/{name}"
-            cmd_chk(['git', 'branch', '-D', branch])
-        local_branch = set()
-
-    if args.add_missing:
-        for fn in sorted(glob.glob(f"{args.patches_dir}/*.diff")):
-            name = re.sub(r'\.diff$', '', re.sub(r'.+/', '', fn))
-            if name not in local_branch and fn not in args.patch_files:
-                args.patch_files.append(fn)
-
-    if not args.patch_files:
-        return
-
-    for fn in args.patch_files:
-        if not fn.endswith('.diff'):
-            die(f"Filename is not a .diff file: {fn}")
-        if not os.path.isfile(fn):
-            die(f"File not found: {fn}")
-
-    scanned = set()
-    info = { }
-
-    patch_list = [ ]
-    for fn in args.patch_files:
-        m = re.match(r'^(?P<dir>.*?)(?P<name>[^/]+)\.diff$', fn)
-        patch = argparse.Namespace(**m.groupdict())
-        if patch.name in scanned:
-            continue
-        patch.fn = fn
-
-        lines = [ ]
-        commit_hash = None
-        with open(patch.fn, 'r', encoding='utf-8') as fh:
-            for line in fh:
-                m = re.match(r'^based-on: (\S+)', line)
-                if m:
-                    commit_hash = m[1]
-                    break
-                if (re.match(r'^index .*\.\..* \d', line)
-                 or re.match(r'^diff --git ', line)
-                 or re.match(r'^--- (old|a)/', line)):
-                    break
-                lines.append(re.sub(r'\s*\Z', "\n", line, 1))
-        info_txt = ''.join(lines).strip() + "\n"
-        lines = None
-
-        parent = args.base_branch
-        patches = re.findall(r'patch -p1 <%s/(\S+)\.diff' % args.patches_dir, info_txt)
-        if patches:
-            last = patches.pop()
-            if last != patch.name:
-                warn(f"No identity patch line in {patch.fn}")
-                patches.append(last)
-            if patches:
-                parent = patches.pop()
-                if parent not in scanned:
-                    diff_fn = patch.dir + parent + '.diff'
-                    if not os.path.isfile(diff_fn):
-                        die(f"Failed to find parent of {patch.fn}: {parent}")
-                    # Add parent to args.patch_files so that we will look for the
-                    # parent's parent.  Any duplicates will be ignored.
-                    args.patch_files.append(diff_fn)
-        else:
-            warn(f"No patch lines found in {patch.fn}")
-
-        info[patch.name] = [ parent, info_txt, commit_hash ]
-
-        patch_list.append(patch)
-
-    created = set()
-    for patch in patch_list:
-        create_branch(patch)
-
-    cmd_chk(['git', 'checkout', args.base_branch])
-
-
-def create_branch(patch):
-    if patch.name in created:
-        return
-    created.add(patch.name)
-
-    parent, info_txt, commit_hash = info[patch.name]
-    parent = argparse.Namespace(dir=patch.dir, name=parent, fn=patch.dir + parent + '.diff')
-
-    if parent.name == args.base_branch:
-        parent_branch = commit_hash if commit_hash else args.base_branch
-    else:
-        create_branch(parent)
-        parent_branch = '/'.join(['patch', args.base_branch, parent.name])
-
-    branch = '/'.join(['patch', args.base_branch, patch.name])
-    print("\n" + '=' * 64)
-    print(f"Processing {branch} ({parent_branch})")
-
-    if patch.name in local_branch:
-        cmd_chk(['git', 'branch', '-D', branch])
-
-    cmd_chk(['git', 'checkout', '-b', branch, parent_branch])
-
-    info_fn = 'PATCH.' + patch.name
-    with open(info_fn, 'w', encoding='utf-8') as fh:
-        fh.write(info_txt)
-    cmd_chk(['git', 'add', info_fn])
-
-    with open(patch.fn, 'r', encoding='utf-8') as fh:
-        patch_txt = fh.read()
-
-    cmd_run('patch -p1'.split(), input=patch_txt)
-
-    for fn in glob.glob('*.orig') + glob.glob('*/*.orig'):
-        os.unlink(fn)
-
-    pos = 0
-    new_file_re = re.compile(r'\nnew file mode (?P<mode>\d+)\s+--- /dev/null\s+\+\+\+ b/(?P<fn>.+)')
-    while True:
-        m = new_file_re.search(patch_txt, pos)
-        if not m:
-            break
-        os.chmod(m['fn'], int(m['mode'], 8))
-        cmd_chk(['git', 'add', m['fn']])
-        pos = m.end()
-
-    while True:
-        cmd_chk('git status'.split())
-        ans = input('Press Enter to commit, Ctrl-C to abort, or type a wild-name to add a new file: ')
-        if ans == '':
-            break
-        cmd_chk("git add " + ans, shell=True)
-
-    while True:
-        s = cmd_run(['git', 'commit', '-a', '-m', f"Creating branch from {patch.name}.diff."])
-        if not s.returncode:
-            break
-        s = cmd_run(['/bin/zsh'])
-        if s.returncode:
-            die('Aborting due to shell error code')
-
-
-if __name__ == '__main__':
-    parser = argparse.ArgumentParser(description="Create a git patch branch from an rsync patch file.", add_help=False)
-    parser.add_argument('--branch', '-b', dest='base_branch', metavar='BASE_BRANCH', default='master', help="The branch the patch is based on. Default: master.")
-    parser.add_argument('--add-missing', '-a', action='store_true', help="Add a branch for every patches/*.diff that doesn't have a branch.")
-    parser.add_argument('--skip-check', action='store_true', help="Skip the check that ensures starting with a clean branch.")
-    parser.add_argument('--delete', dest='delete_local_branches', action='store_true', help="Delete all the local patch/BASE/* branches, not just the ones that are being recreated.")
-    parser.add_argument('--patches-dir', '-p', metavar='DIR', default='patches', help="Override the location of the rsync-patches dir. Default: patches.")
-    parser.add_argument('patch_files', metavar='patches/DIFF_FILE', nargs='*', help="Specify what patch diff files to process. Default: all of them.")
-    parser.add_argument("--help", "-h", action="help", help="Output this help message and exit.")
-    args = parser.parse_args()
-    main()
-
-# vim: sw=4 et ft=python

packaging/cull-options

@@ -0,0 +1,148 @@
+#!/usr/bin/env python3
+# This script outputs either perl or python code that parses all possible options
+# that the code in options.c might send to the server.  The resulting code is then
+# included in the rrsync script.
+
+import re, argparse
+
+short_no_arg = { }
+short_with_num = { '@': 1 }
+long_opts = { # These include some extra long-args that BackupPC uses:
+        'block-size': 1,
+        'daemon': -1,
+        'debug': 1,
+        'fake-super': 0,
+        'fuzzy': 0,
+        'group': 0,
+        'hard-links': 0,
+        'ignore-times': 0,
+        'info': 1,
+        'links': 0,
+        'log-file': 3,
+        'munge-links': 0,
+        'no-munge-links': -1,
+        'one-file-system': 0,
+        'owner': 0,
+        'perms': 0,
+        'recursive': 0,
+        'stderr': 1,
+        'times': 0,
+        'copy-devices': -1,
+        'write-devices': -1,
+        }
+
+def main():
+    last_long_opt = None
+
+    with open('../options.c') as fh:
+        for line in fh:
+            m = re.search(r"argstr\[x\+\+\] = '([^.ie])'", line)
+            if m:
+                short_no_arg[m.group(1)] = 1
+                last_long_opt = None
+                continue
+
+            m = re.search(r'asprintf\([^,]+, "-([a-zA-Z0-9])\%l?[ud]"', line)
+            if m:
+                short_with_num[m.group(1)] = 1
+                last_long_opt = None
+                continue
+
+            m = re.search(r'args\[ac\+\+\] = "--([^"=]+)"', line)
+            if m:
+                last_long_opt = m.group(1)
+                if last_long_opt not in long_opts:
+                    long_opts[last_long_opt] = 0
+                else:
+                    last_long_opt = None
+                continue
+
+            if last_long_opt:
+                m = re.search(r'args\[ac\+\+\] = safe_arg\("", ([^[("\s]+)\);', line)
+                if m:
+                    long_opts[last_long_opt] = 2
+                    last_long_opt = None
+                    continue
+                if 'args[ac++] = ' in line:
+                    last_long_opt = None
+
+            m = re.search(r'return "--([^"]+-dest)";', line)
+            if m:
+                long_opts[m.group(1)] = 2
+                last_long_opt = None
+                continue
+
+            m = re.search(r'asprintf\([^,]+, "--([^"=]+)=', line)
+            if not m:
+                m = re.search(r'args\[ac\+\+\] = "--([^"=]+)=', line)
+                if not m:
+                    m = re.search(r'args\[ac\+\+\] = safe_arg\("--([^"=]+)"', line)
+                    if not m:
+                        m = re.search(r'fmt = .*: "--([^"=]+)=', line)
+            if m:
+                long_opts[m.group(1)] = 1
+                last_long_opt = None
+
+    long_opts['files-from'] = 3
+
+    txt = """\
+### START of options data produced by the cull-options script. ###
+
+# To disable a short-named option, add its letter to this string:
+"""
+
+    txt += str_assign('short_disabled', 's') + "\n"
+    txt += '# These are also disabled when the restricted dir is not "/":\n'
+    txt += str_assign('short_disabled_subdir', 'KLk') + "\n"
+    txt += '# These are all possible short options that we will accept (when not disabled above):\n'
+    txt += str_assign('short_no_arg', ''.join(sorted(short_no_arg)), 'DO NOT REMOVE ANY')
+    txt += str_assign('short_with_num', ''.join(sorted(short_with_num)), 'DO NOT REMOVE ANY')
+   
+    txt += """
+# To disable a long-named option, change its value to a -1.  The values mean:
+# 0 = the option has no arg; 1 = the arg doesn't need any checking; 2 = only
+# check the arg when receiving; and 3 = always check the arg.
+"""
+
+    print(txt, end='')
+
+    if args.python:
+        print("long_opts = {")
+        sep = ':'
+    else:
+        print("our %long_opt = (")
+        sep = ' =>'
+
+    for opt in sorted(long_opts):
+        if opt.startswith(('min-', 'max-')):
+            val = 1
+        else:
+            val = long_opts[opt]
+        print(' ', repr(opt) + sep, str(val) + ',')
+
+    if args.python:
+        print("}")
+    else:
+        print(");")
+    print("\n### END of options data produced by the cull-options script. ###")
+
+
+def str_assign(name, val, comment=None):
+    comment = ' # ' + comment if comment else ''
+    if args.python:
+        return name + ' = ' + repr(val) + comment + "\n"
+    return 'our $' + name + ' = ' + repr(val) + ';' + comment + "\n"
+
+
+if __name__ == '__main__':
+    parser = argparse.ArgumentParser(description="Output culled rsync options for rrsync.", add_help=False)
+    out_group = parser.add_mutually_exclusive_group()
+    out_group.add_argument('--perl', action='store_true', help="Output perl code.")
+    out_group.add_argument('--python', action='store_true', help="Output python code (the default).")
+    parser.add_argument('--help', '-h', action='help', help="Output this help message and exit.")
+    args = parser.parse_args()
+    if not args.perl:
+        args.python = True
+    main()
+
+# vim: sw=4 et

packaging/cull_options

@@ -1,85 +0,0 @@
-#!/usr/bin/env perl
-# This script outputs some perl code that parses all possible options
-# that the code in options.c might send to the server.  This perl code
-# is included in the rrsync script.
-use strict;
-
-our %short_no_arg;
-our %short_with_num = ( '@' => 1 );
-our %long_opt = ( # These include some extra long-args that BackupPC uses:
-    'block-size' => 1,
-    'daemon' => -1,
-    'debug' => 1,
-    'fake-super' => 0,
-    'fuzzy' => 0,
-    'group' => 0,
-    'hard-links' => 0,
-    'ignore-times' => 0,
-    'info' => 1,
-    'links' => 0,
-    'log-file' => 3,
-    'one-file-system' => 0,
-    'owner' => 0,
-    'perms' => 0,
-    'recursive' => 0,
-    'times' => 0,
-    'write-devices' => -1,
-);
-our $last_long_opt;
-
-open(IN, '../options.c') or die "Unable to open ../options.c: $!\n";
-
-while (<IN>) {
-    if (/\Qargstr[x++]\E = '([^.ie])'/) {
-	$short_no_arg{$1} = 1;
-	undef $last_long_opt;
-    } elsif (/\Qasprintf(\E[^,]+, "-([a-zA-Z0-9])\%l?[ud]"/) {
-	$short_with_num{$1} = 1;
-	undef $last_long_opt;
-    } elsif (/\Qargs[ac++]\E = "--([^"=]+)"/) {
-	$last_long_opt = $1;
-	$long_opt{$1} = 0 unless exists $long_opt{$1};
-    } elsif (defined($last_long_opt)
-	&& /\Qargs[ac++]\E = ([^["\s]+);/) {
-	$long_opt{$last_long_opt} = 2;
-	undef $last_long_opt;
-    } elsif (/return "--([^"]+-dest)";/) {
-	$long_opt{$1} = 2;
-	undef $last_long_opt;
-    } elsif (/\Qasprintf(\E[^,]+, "--([^"=]+)=/ || /\Qargs[ac++]\E = "--([^"=]+)=/ || /fmt = .*: "--([^"=]+)=/) {
-	$long_opt{$1} = 1;
-	undef $last_long_opt;
-    }
-}
-close IN;
-
-my $short_no_arg = join('', sort keys %short_no_arg);
-my $short_with_num = join('', sort keys %short_with_num);
-
-print <<EOT;
-
-# These options are the only options that rsync might send to the server,
-# and only in the option format that the stock rsync produces.
-
-# To disable a short-named option, add its letter to this string:
-our \$short_disabled = 's';
-
-our \$short_no_arg = '$short_no_arg'; # DO NOT REMOVE ANY
-our \$short_with_num = '$short_with_num'; # DO NOT REMOVE ANY
-
-# To disable a long-named option, change its value to a -1.  The values mean:
-# 0 = the option has no arg; 1 = the arg doesn't need any checking; 2 = only
-# check the arg when receiving; and 3 = always check the arg.
-our \%long_opt = (
-EOT
-
-foreach my $opt (sort keys %long_opt) {
-    my $val = $long_opt{$opt};
-    $val = 1 if $opt =~ /^(max-|min-)/;
-    $val = 3 if $opt eq 'files-from';
-    $val = q"$only eq 'r' ? -1 : " . $val if $opt =~ /^(remove-|log-file)/;
-    $val = q"$only eq 'w' ? -1 : " . $val if $opt eq 'sender';
-    print "  '$opt' => $val,\n";
-}
-
-print ");\n\n";

packaging/ftp.filt

@@ -0,0 +1,2 @@
+- /generated-files/
+- /binaries/

packaging/lsb/rsync.spec

@@ -1,9 +1,9 @@
 Summary: A fast, versatile, remote (and local) file-copying tool
 Name: rsync
-Version: 3.2.2
-%define fullversion %{version}pre2
-Release: 0.1.pre2
-%define srcdir src-previews
+Version: 3.4.3
+%define fullversion %{version}
+Release: 1
+%define srcdir src
 Group: Applications/Internet
 License: GPL
 Source0: https://rsync.samba.org/ftp/rsync/%{srcdir}/rsync-%{fullversion}.tar.gz
@@ -79,9 +79,5 @@ rm -rf $RPM_BUILD_ROOT
 %dir /etc/rsync-ssl/certs
 
 %changelog
-* Sun Jun 28 2020 Wayne Davison <wayne@opencoder.net>
-Released 3.2.2pre2.
-
-* Fri Mar 21 2008 Wayne Davison <wayne@opencoder.net>
-Added installation of /etc/xinetd.d/rsync file and some commented-out
-lines that demonstrate how to use the rsync-patches tar file.
+* Wed May 20 2026 Rsync Project <rsync.project@gmail.com>
+Released 3.4.3.

packaging/md2html

@@ -1,99 +0,0 @@
-#!/usr/bin/env python3
-
-# Copyright (C) 2020 Wayne Davison
-#
-# This program is freely redistributable.
-
-import os, re, argparse
-
-HTML_START = """\
-<html><head>
-<title>%s</title>
-<link href="https://fonts.googleapis.com/css2?family=Roboto&family=Roboto+Mono&display=swap" rel="stylesheet">
-<style>
-body {
-  max-width: 50em;
-  margin: auto;
-}
-body, b, strong, u {
-  font-family: 'Roboto', sans-serif;
-}
-code {
-  font-family: 'Roboto Mono', monospace;
-  font-weight: bold;
-}
-pre code {
-  display: block;
-  font-weight: normal;
-}
-blockquote pre code {
-  background: #f1f1f1;
-}
-dd p:first-of-type {
-  margin-block-start: 0em;
-}
-</style>
-</head><body>
-"""
-
-HTML_END = """\
-</body></html>
-"""
-
-md_parser = None
-
-def main():
-    for mdfn in args.mdfiles:
-        if not mdfn.endswith('.md'):
-            print('Ignoring non-md input file:', mdfn)
-            continue
-        title = re.sub(r'.*/', '', mdfn).replace('.md', '')
-        htfn = mdfn.replace('.md', '.html')
-
-        print("Parsing", mdfn, '->', htfn)
-
-        with open(mdfn, 'r', encoding='utf-8') as fh:
-            txt = fh.read()
-
-        txt = re.sub(r'\s--\s', '\xa0-- ', txt)
-
-        html = md_parser(txt)
-
-        html = re.sub(r'(<code>)([\s\S]*?)(</code>)', lambda m: m[1] + re.sub(r'\s', '\xa0', m[2]) + m[3], html)
-        html = html.replace('--', '&#8209;&#8209;').replace("\xa0-", '&nbsp;&#8209;').replace("\xa0", '&nbsp;')
-        html = re.sub(r'(\W)-', r'\1&#8209;', html)
-
-        if os.path.lexists(htfn):
-            os.unlink(htfn)
-
-        with open(htfn, 'w', encoding='utf-8') as fh:
-            fh.write(HTML_START % title)
-            fh.write(html)
-            fh.write(HTML_END)
-
-
-def html_via_cmarkgfm(txt):
-    return cmarkgfm.markdown_to_html(txt)
-
-
-def html_via_commonmark(txt):
-    return commonmark.HtmlRenderer().render(commonmark.Parser().parse(txt))
-
-
-if __name__ == '__main__':
-    parser = argparse.ArgumentParser(description='Output html for md pages.', add_help=False)
-    parser.add_argument("--help", "-h", action="help", help="Output this help message and exit.")
-    parser.add_argument("mdfiles", nargs='+', help="The .md files to turn into .html files.")
-    args = parser.parse_args()
-
-    try:
-        import cmarkgfm
-        md_parser = html_via_cmarkgfm
-    except:
-        try:
-            import commonmark
-            md_parser = html_via_commonmark
-        except:
-            die("Failed to find cmarkgfm or commonmark for python3.")
-
-    main()