[Bug 10951] Emtpy parameter triggers unwanted behavior, but no error message
https://bugzilla.samba.org/show_bug.cgi?id=10951 Wayne Davison way...@samba.org changed: What|Removed |Added Status|NEW |RESOLVED Resolution|--- |INVALID --- Comment #2 from Wayne Davison way...@samba.org --- Since the command-line you mentioned is completely valid, there's no error for rsync to complain about. Your args specified --exclude --exclude (so that it won't transfer a file named --exclude) and then specified /mnt as a source or destination arg (depending on where it appears in the list of args). One thing you could possibly do to make the arg parsing stricter is to export POSIXLY_CORRECT=1 in the environment. That makes popt stop parsing options at the first non-option it finds, so something like --exclude --exclude /mnt --del /src/ /dest/ would at least complain about the file --del not existing while it was copying /mnt and /src/ to /dest (though it doesn't stop the copying from happening). -- You are receiving this mail because: You are the QA Contact for the bug. -- Please use reply-all for most replies to avoid omitting the mailing list. To unsubscribe or change options: https://lists.samba.org/mailman/listinfo/rsync Before posting, read: http://www.catb.org/~esr/faqs/smart-questions.html
[Bug 10951] Emtpy parameter triggers unwanted behavior, but no error message
https://bugzilla.samba.org/show_bug.cgi?id=10951 --- Comment #3 from Wayne Davison way...@samba.org --- Let me also add that if the cause was a bash shell variable that ended up being empty, then you should note that it is a bash-ism to require parameters to be double-quoted in order for them to behave sanely (e.g. --exclude $arg) whereas other shells (such as zsh) default to a saner behavior for something like --exclude $arg. -- You are receiving this mail because: You are the QA Contact for the bug. -- Please use reply-all for most replies to avoid omitting the mailing list. To unsubscribe or change options: https://lists.samba.org/mailman/listinfo/rsync Before posting, read: http://www.catb.org/~esr/faqs/smart-questions.html
[Bug 10936] Rsync path hijacking attack vulnerability
https://bugzilla.samba.org/show_bug.cgi?id=10936 Wayne Davison way...@samba.org changed: What|Removed |Added Resolution|--- |FIXED Status|NEW |RESOLVED --- Comment #3 from Wayne Davison way...@samba.org --- In your test, you didn't use 3.1.1 on the client side. This was fixed in that release: ABORTING due to unsafe pathname from sender: /root/pwned.test -- You are receiving this mail because: You are the QA Contact for the bug. -- Please use reply-all for most replies to avoid omitting the mailing list. To unsubscribe or change options: https://lists.samba.org/mailman/listinfo/rsync Before posting, read: http://www.catb.org/~esr/faqs/smart-questions.html
[Bug 10936] Rsync path hijacking attack vulnerability
https://bugzilla.samba.org/show_bug.cgi?id=10936 --- Comment #4 from roland devz...@web.de --- that fix is this two commits, correct ? https://git.samba.org/?p=rsync.git;a=commit;h=371242e4e8150d4f9cc74cdf2d75d8250535175e https://git.samba.org/?p=rsync.git;a=commit; h=4cad402ea8a91031f86c53961d78bb7f4f174790 -- You are receiving this mail because: You are the QA Contact for the bug. -- Please use reply-all for most replies to avoid omitting the mailing list. To unsubscribe or change options: https://lists.samba.org/mailman/listinfo/rsync Before posting, read: http://www.catb.org/~esr/faqs/smart-questions.html
Re: Bug-report:rsync may hung if time jumps backwards
On Sun, Nov 16, 2014 at 10:44 PM, yhu2 yadi...@windriver.com wrote: + usleep(t*1000); Is it a correct fix? any comments would be appreciated!!! The hang was not because time went backwards, but because it moved forward by over 2 years (which overflows a variable, making the value negative). I both fixed that issue, and added a configure check for usleep(), which we will use if it is around. Thanks! ..wayne.. -- Please use reply-all for most replies to avoid omitting the mailing list. To unsubscribe or change options: https://lists.samba.org/mailman/listinfo/rsync Before posting, read: http://www.catb.org/~esr/faqs/smart-questions.html
[Bug 10936] Rsync path hijacking attack vulnerability
https://bugzilla.samba.org/show_bug.cgi?id=10936 --- Comment #5 from Wayne Davison way...@samba.org --- (In reply to roland from comment #4) Yes, those are the commits for this bug. -- You are receiving this mail because: You are the QA Contact for the bug. -- Please use reply-all for most replies to avoid omitting the mailing list. To unsubscribe or change options: https://lists.samba.org/mailman/listinfo/rsync Before posting, read: http://www.catb.org/~esr/faqs/smart-questions.html
Re: Bug-report:rsync may hung if time jumps backwards
thanks your reply, could you please send off official fix? On 11/28/2014 04:05 AM, Wayne Davison wrote: On Sun, Nov 16, 2014 at 10:44 PM, yhu2 yadi...@windriver.com mailto:yadi...@windriver.com wrote: + usleep(t*1000); Is it a correct fix? any comments would be appreciated!!! The hang was not because time went backwards, but because it moved forward by over 2 years (which overflows a variable, making the value negative). I both fixed that issue, and added a configure check for usleep(), which we will use if it is around. Thanks! ..wayne.. -- Please use reply-all for most replies to avoid omitting the mailing list. To unsubscribe or change options: https://lists.samba.org/mailman/listinfo/rsync Before posting, read: http://www.catb.org/~esr/faqs/smart-questions.html
[SCM] The rsync repository. - branch master updated
The branch, master has been updated
via 5546dab Use usleep() for msleep() if it is available.
from 6128f56 Add a missing closing paren.
https://git.samba.org/?p=rsync.git;a=shortlog;h=master
- Log -
commit 5546dab32970955e77ef7a5886bcd8fb765a25bf
Author: Wayne Davison way...@samba.org
Date: Thu Nov 27 11:57:35 2014 -0800
Use usleep() for msleep() if it is available.
---
Summary of changes:
NEWS | 4 +++-
configure.ac | 2 +-
util2.c | 8 ++--
3 files changed, 10 insertions(+), 4 deletions(-)
Changeset truncated at 500 lines:
diff --git a/NEWS b/NEWS
index 7bc205d..84df781 100644
--- a/NEWS
+++ b/NEWS
@@ -9,7 +9,9 @@ Changes since 3.1.1:
ENHANCEMENTS:
- Added (DRY RUN) info to the --debug=exit output line.
-- Added a few extra long options to rrsync script, which will make
BackupPC happier.
+- Use usleep() for our msleep() function if it is available.
+- Added a few extra long-option names to rrsync script, which will make
+ BackupPC happier.
DEVELOPER RELATED:
diff --git a/configure.ac b/configure.ac
index 70381f7..5c557a8 100644
--- a/configure.ac
+++ b/configure.ac
@@ -602,7 +602,7 @@ AC_CHECK_FUNCS(waitpid wait4 getcwd strdup chown chmod
lchmod mknod mkfifo \
setlocale setmode open64 lseek64 mkstemp64 mtrace va_copy __va_copy \
seteuid strerror putenv iconv_open locale_charset nl_langinfo getxattr \
extattr_get_link sigaction sigprocmask setattrlist getgrouplist \
-initgroups utimensat posix_fallocate attropen setvbuf)
+initgroups utimensat posix_fallocate attropen setvbuf usleep)
dnl cygwin iconv.h defines iconv_open as libiconv_open
if test x$ac_cv_func_iconv_open != xyes; then
diff --git a/util2.c b/util2.c
index 6ffbcec..bc9f66a 100644
--- a/util2.c
+++ b/util2.c
@@ -35,6 +35,9 @@ extern int checksum_len;
**/
int msleep(int t)
{
+#ifdef HAVE_USLEEP
+ usleep(t*1000);
+#else
int tdiff = 0;
struct timeval tval, t1, t2;
@@ -48,11 +51,12 @@ int msleep(int t)
select(0,NULL,NULL, NULL, tval);
gettimeofday(t2, NULL);
- if (t2.tv_sec t1.tv_sec)
- t1 = t2; /* Time went backwards, so start over. */
tdiff = (t2.tv_sec - t1.tv_sec)*1000 +
(t2.tv_usec - t1.tv_usec)/1000;
+ if (tdiff 0)
+ t1 = t2; /* Time went backwards, so start over. */
}
+#endif
return True;
}
--
The rsync repository.
___
rsync-cvs mailing list
rsync-cvs@lists.samba.org
https://lists.samba.org/mailman/listinfo/rsync-cvs
