Preparing for release of 3.4.1 [buildall]

Fixes: https://github.com/RsyncProject/rsync/issues/701

NEWS.md

@@ -1,3 +1,24 @@
+# NEWS for rsync 3.4.1 (16 Jan 2025)
+
+Release 3.4.1 is a fix for regressions introduced in 3.4.0
+
+## Changes in this version:
+
+### BUG FIXES:
+
+ - fixed handling of -H flag with conflict in internal flag values
+
+ - fixed a user after free in logging of failed rename
+
+ - fixed build on systems without openat()
+
+ - removed dependency on alloca() in bundled popt
+
+### DEVELOPER RELATED:
+
+ - fix to permissions handling in the developer release script
+
+------------------------------------------------------------------------------
 # NEWS for rsync 3.4.0 (15 Jan 2025)
 
 Release 3.4.0 is a security release that fixes a number of important vulnerabilities.
@@ -4816,6 +4837,7 @@ to develop and test fixes.
 
 | RELEASE DATE | VER.   | DATE OF COMMIT\* | PROTOCOL    |
 |--------------|--------|------------------|-------------|
+| 16 Jan 2025  | 3.4.1  |                  | 32          |
 | 15 Jan 2025  | 3.4.0  |                  | 32          |
 | 06 Apr 2024  | 3.3.0  |                  | 31          |
 | 20 Oct 2022  | 3.2.7  |                  | 31          |

SECURITY.md

@@ -9,4 +9,5 @@ help backporting fixes into an older release, feel free to ask.
 
 Email your vulnerability information to rsync's maintainer:
 
-  Wayne Davison <wayne@opencoder.net>
+  Rsync Project <rsync.project@gmail.com>
+

generator.c

@@ -2041,8 +2041,12 @@ int atomic_create(struct file_struct *file, char *fname, const char *slnk, const
 
 	if (!skip_atomic) {
 		if (do_rename(tmpname, fname) < 0) {
+			char *full_tmpname = strdup(full_fname(tmpname));
+			if (full_tmpname == NULL)
+				out_of_memory("atomic_create");
 			rsyserr(FERROR_XFER, errno, "rename %s -> \"%s\" failed",
-				full_fname(tmpname), full_fname(fname));
+				full_tmpname, full_fname(fname));
+			free(full_tmpname);
 			do_unlink(tmpname);
 			return 0;
 		}

packaging/lsb/rsync.spec

@@ -1,6 +1,6 @@
 Summary: A fast, versatile, remote (and local) file-copying tool
 Name: rsync
-Version: 3.4.0
+Version: 3.4.1
 %define fullversion %{version}
 Release: 1
 %define srcdir src
@@ -79,9 +79,5 @@ rm -rf $RPM_BUILD_ROOT
 %dir /etc/rsync-ssl/certs
 
 %changelog
-* Wed Jan 15 2025 Wayne Davison <wayne@opencoder.net>
-Released 3.4.0.
-
-* Fri Mar 21 2008 Wayne Davison <wayne@opencoder.net>
-Added installation of /etc/xinetd.d/rsync file and some commented-out
-lines that demonstrate how to use the rsync-patches tar file.
+* Thu Jan 16 2025 Rsync Project <rsync.project@gmail.com>
+Released 3.4.1.

packaging/samba-rsync

@@ -121,4 +121,4 @@ fi
 
 cd "$SRC_DIR" || exit 1
 echo "Copying files from $SRC_DIR to $RSYNC_SAMBA_HOST ..."
-do_rsync -aivOHP --del -f._$FILT . "$RSYNC_SAMBA_HOST:$DEST_DIR/"
+do_rsync -aivOHP --chown=:rsync --del -f._$FILT . "$RSYNC_SAMBA_HOST:$DEST_DIR/"

popt/findme.c

@@ -25,12 +25,15 @@ const char * findProgramPath(const char * argv0)
     if (path == NULL) return NULL;
 
     bufsize = strlen(path) + 1;
-    start = pathbuf = alloca(bufsize);
+    start = pathbuf = malloc(bufsize);
     if (pathbuf == NULL) return NULL;	/* XXX can't happen */
     strlcpy(pathbuf, path, bufsize);
     bufsize += sizeof "/" - 1 + strlen(argv0);
     buf = malloc(bufsize);
-    if (buf == NULL) return NULL;	/* XXX can't happen */
+    if (buf == NULL) {
+	    free(pathbuf);
+	    return NULL;	/* XXX can't happen */
+    }
 
     chptr = NULL;
     /*@-branchstate@*/
@@ -39,8 +42,10 @@ const char * findProgramPath(const char * argv0)
 	    *chptr = '\0';
 	snprintf(buf, bufsize, "%s/%s", start, argv0);
 
-	if (!access(buf, X_OK))
+	if (!access(buf, X_OK)) {
+	    free(pathbuf);
 	    return buf;
+	}
 
 	if (chptr) 
 	    start = chptr + 1;
@@ -49,6 +54,7 @@ const char * findProgramPath(const char * argv0)
     } while (start && *start);
     /*@=branchstate@*/
 
+    free(pathbuf);
     free(buf);
 
     return NULL;

rsync.h

@@ -84,7 +84,6 @@
 #define FLAG_DUPLICATE (1<<4)	/* sender */
 #define FLAG_MISSING_DIR (1<<4)	/* generator */
 #define FLAG_HLINKED (1<<5)	/* receiver/generator (checked on all types) */
-#define FLAG_GOT_DIR_FLIST (1<<5)/* sender/receiver/generator - dir_flist only */
 #define FLAG_HLINK_FIRST (1<<6)	/* receiver/generator (w/FLAG_HLINKED) */
 #define FLAG_IMPLIED_DIR (1<<6)	/* sender/receiver/generator (dirs only) */
 #define FLAG_HLINK_LAST (1<<7)	/* receiver/generator */
@@ -93,6 +92,7 @@
 #define FLAG_SKIP_GROUP (1<<10)	/* receiver/generator */
 #define FLAG_TIME_FAILED (1<<11)/* generator */
 #define FLAG_MOD_NSEC (1<<12)	/* sender/receiver/generator */
+#define FLAG_GOT_DIR_FLIST (1<<13)/* sender/receiver/generator - dir_flist only */
 
 /* These flags are passed to functions but not stored. */
 

syscall.c

@@ -734,7 +734,7 @@ int secure_relative_open(const char *basedir, const char *relpath, int flags, mo
 		return -1;
 	}
 
-#if !defined(O_NOFOLLOW) || !defined(O_DIRECTORY)
+#if !defined(O_NOFOLLOW) || !defined(O_DIRECTORY) || !defined(AT_FDCWD)
 	// really old system, all we can do is live with the risks
 	if (!basedir) {
 		return open(relpath, flags, mode);

testsuite/hardlinks.test

@@ -77,5 +77,11 @@ rm -rf "$todir"
 $RSYNC -aHivv --debug=HLINK5 "$name1" "$todir/"
 diff $diffopt "$name1" "$todir" || test_fail "solo copy of name1 failed"
 
+# Make sure there's nothing wrong with sending a single directory with -H
+# enabled (this has broken in 3.4.0 so far, so we need this test).
+rm -rf "$fromdir" "$todir"
+makepath "$fromdir/sym" "$todir"
+checkit "$RSYNC -aH '$fromdir/sym' '$todir'" "$fromdir" "$todir"
+
 # The script would have aborted on error, so getting here means we've won.
 exit 0

version.h

@@ -1,2 +1,2 @@
-#define RSYNC_VERSION "3.4.0"
+#define RSYNC_VERSION "3.4.1"
 #define MAINTAINER_TZ_OFFSET -7.0