[Bug 10951] Emtpy parameter triggers unwanted behavior, but no error message
https://bugzilla.samba.org/show_bug.cgi?id=10951 Wayne Davison way...@samba.org changed: What|Removed |Added Status|NEW |RESOLVED Resolution|--- |INVALID --- Comment #2 from Wayne Davison way...@samba.org --- Since the command-line you mentioned is completely valid, there's no error for rsync to complain about. Your args specified --exclude --exclude (so that it won't transfer a file named --exclude) and then specified /mnt as a source or destination arg (depending on where it appears in the list of args). One thing you could possibly do to make the arg parsing stricter is to export POSIXLY_CORRECT=1 in the environment. That makes popt stop parsing options at the first non-option it finds, so something like --exclude --exclude /mnt --del /src/ /dest/ would at least complain about the file --del not existing while it was copying /mnt and /src/ to /dest (though it doesn't stop the copying from happening). -- You are receiving this mail because: You are the QA Contact for the bug. -- Please use reply-all for most replies to avoid omitting the mailing list. To unsubscribe or change options: https://lists.samba.org/mailman/listinfo/rsync Before posting, read: http://www.catb.org/~esr/faqs/smart-questions.html
[Bug 10951] Emtpy parameter triggers unwanted behavior, but no error message
https://bugzilla.samba.org/show_bug.cgi?id=10951 --- Comment #3 from Wayne Davison way...@samba.org --- Let me also add that if the cause was a bash shell variable that ended up being empty, then you should note that it is a bash-ism to require parameters to be double-quoted in order for them to behave sanely (e.g. --exclude $arg) whereas other shells (such as zsh) default to a saner behavior for something like --exclude $arg. -- You are receiving this mail because: You are the QA Contact for the bug. -- Please use reply-all for most replies to avoid omitting the mailing list. To unsubscribe or change options: https://lists.samba.org/mailman/listinfo/rsync Before posting, read: http://www.catb.org/~esr/faqs/smart-questions.html
[Bug 10936] Rsync path hijacking attack vulnerability
https://bugzilla.samba.org/show_bug.cgi?id=10936 Wayne Davison way...@samba.org changed: What|Removed |Added Resolution|--- |FIXED Status|NEW |RESOLVED --- Comment #3 from Wayne Davison way...@samba.org --- In your test, you didn't use 3.1.1 on the client side. This was fixed in that release: ABORTING due to unsafe pathname from sender: /root/pwned.test -- You are receiving this mail because: You are the QA Contact for the bug. -- Please use reply-all for most replies to avoid omitting the mailing list. To unsubscribe or change options: https://lists.samba.org/mailman/listinfo/rsync Before posting, read: http://www.catb.org/~esr/faqs/smart-questions.html
[Bug 10936] Rsync path hijacking attack vulnerability
https://bugzilla.samba.org/show_bug.cgi?id=10936 --- Comment #4 from roland devz...@web.de --- that fix is this two commits, correct ? https://git.samba.org/?p=rsync.git;a=commit;h=371242e4e8150d4f9cc74cdf2d75d8250535175e https://git.samba.org/?p=rsync.git;a=commit; h=4cad402ea8a91031f86c53961d78bb7f4f174790 -- You are receiving this mail because: You are the QA Contact for the bug. -- Please use reply-all for most replies to avoid omitting the mailing list. To unsubscribe or change options: https://lists.samba.org/mailman/listinfo/rsync Before posting, read: http://www.catb.org/~esr/faqs/smart-questions.html
Re: Bug-report:rsync may hung if time jumps backwards
On Sun, Nov 16, 2014 at 10:44 PM, yhu2 yadi...@windriver.com wrote: + usleep(t*1000); Is it a correct fix? any comments would be appreciated!!! The hang was not because time went backwards, but because it moved forward by over 2 years (which overflows a variable, making the value negative). I both fixed that issue, and added a configure check for usleep(), which we will use if it is around. Thanks! ..wayne.. -- Please use reply-all for most replies to avoid omitting the mailing list. To unsubscribe or change options: https://lists.samba.org/mailman/listinfo/rsync Before posting, read: http://www.catb.org/~esr/faqs/smart-questions.html
[Bug 10936] Rsync path hijacking attack vulnerability
https://bugzilla.samba.org/show_bug.cgi?id=10936 --- Comment #5 from Wayne Davison way...@samba.org --- (In reply to roland from comment #4) Yes, those are the commits for this bug. -- You are receiving this mail because: You are the QA Contact for the bug. -- Please use reply-all for most replies to avoid omitting the mailing list. To unsubscribe or change options: https://lists.samba.org/mailman/listinfo/rsync Before posting, read: http://www.catb.org/~esr/faqs/smart-questions.html
Re: Bug-report:rsync may hung if time jumps backwards
thanks your reply, could you please send off official fix? On 11/28/2014 04:05 AM, Wayne Davison wrote: On Sun, Nov 16, 2014 at 10:44 PM, yhu2 yadi...@windriver.com mailto:yadi...@windriver.com wrote: + usleep(t*1000); Is it a correct fix? any comments would be appreciated!!! The hang was not because time went backwards, but because it moved forward by over 2 years (which overflows a variable, making the value negative). I both fixed that issue, and added a configure check for usleep(), which we will use if it is around. Thanks! ..wayne.. -- Please use reply-all for most replies to avoid omitting the mailing list. To unsubscribe or change options: https://lists.samba.org/mailman/listinfo/rsync Before posting, read: http://www.catb.org/~esr/faqs/smart-questions.html
[SCM] The rsync repository. - branch master updated
The branch, master has been updated via 5546dab Use usleep() for msleep() if it is available. from 6128f56 Add a missing closing paren. https://git.samba.org/?p=rsync.git;a=shortlog;h=master - Log - commit 5546dab32970955e77ef7a5886bcd8fb765a25bf Author: Wayne Davison way...@samba.org Date: Thu Nov 27 11:57:35 2014 -0800 Use usleep() for msleep() if it is available. --- Summary of changes: NEWS | 4 +++- configure.ac | 2 +- util2.c | 8 ++-- 3 files changed, 10 insertions(+), 4 deletions(-) Changeset truncated at 500 lines: diff --git a/NEWS b/NEWS index 7bc205d..84df781 100644 --- a/NEWS +++ b/NEWS @@ -9,7 +9,9 @@ Changes since 3.1.1: ENHANCEMENTS: - Added (DRY RUN) info to the --debug=exit output line. -- Added a few extra long options to rrsync script, which will make BackupPC happier. +- Use usleep() for our msleep() function if it is available. +- Added a few extra long-option names to rrsync script, which will make + BackupPC happier. DEVELOPER RELATED: diff --git a/configure.ac b/configure.ac index 70381f7..5c557a8 100644 --- a/configure.ac +++ b/configure.ac @@ -602,7 +602,7 @@ AC_CHECK_FUNCS(waitpid wait4 getcwd strdup chown chmod lchmod mknod mkfifo \ setlocale setmode open64 lseek64 mkstemp64 mtrace va_copy __va_copy \ seteuid strerror putenv iconv_open locale_charset nl_langinfo getxattr \ extattr_get_link sigaction sigprocmask setattrlist getgrouplist \ -initgroups utimensat posix_fallocate attropen setvbuf) +initgroups utimensat posix_fallocate attropen setvbuf usleep) dnl cygwin iconv.h defines iconv_open as libiconv_open if test x$ac_cv_func_iconv_open != xyes; then diff --git a/util2.c b/util2.c index 6ffbcec..bc9f66a 100644 --- a/util2.c +++ b/util2.c @@ -35,6 +35,9 @@ extern int checksum_len; **/ int msleep(int t) { +#ifdef HAVE_USLEEP + usleep(t*1000); +#else int tdiff = 0; struct timeval tval, t1, t2; @@ -48,11 +51,12 @@ int msleep(int t) select(0,NULL,NULL, NULL, tval); gettimeofday(t2, NULL); - if (t2.tv_sec t1.tv_sec) - t1 = t2; /* Time went backwards, so start over. */ tdiff = (t2.tv_sec - t1.tv_sec)*1000 + (t2.tv_usec - t1.tv_usec)/1000; + if (tdiff 0) + t1 = t2; /* Time went backwards, so start over. */ } +#endif return True; } -- The rsync repository. ___ rsync-cvs mailing list rsync-cvs@lists.samba.org https://lists.samba.org/mailman/listinfo/rsync-cvs