After a year and a half of development, the release of Rsync 3.2.4 is available, a file synchronization and backup utility that allows you to minimize traffic by incrementally copying changes. The transport can be ssh, rsh, or the native rsync protocol. The organization of the work of anonymous rsync servers is supported, which are optimally suited for ensuring the synchronization of mirrors. The project code is distributed under the GPLv3 license.
Among the changes added:
- A new command-line argument protection method has been proposed that resembles the previously available "--protect-args" ("-s") option, but does not break the rrsync (restricted rsync) script. Protection comes down to escaping special characters, including spaces, when passing requests to an external command interpreter. The new method does not escape special characters inside a quoted block, which allows simple quoting of a file name without additional escaping, for example, the command "rsync -aiv host:'a simple file.pdf' is now allowed." To return the old behavior, the "--old-args" option and the "RSYNC_OLD_ARGS=1" environment variable are proposed.
- Resolved a long-standing issue with decimal point characters being handled in the current locale ("," instead of "."). For scripts designed to process only the "." in numbers, in case of violation of compatibility, you can set the locale "C".
- Addresses a vulnerability (CVE-2018-25032) in bundled code from the zlib library that causes a buffer overflow when attempting to compress a specially prepared character sequence.
- Implemented the "--fsync" option to call the fsync() function on every file operation to flush the disk cache.
- The rsync-ssl script uses the "-verify_hostname" option when accessing openssl.
- Added "--copy-devices" option to copy device files as normal files.
- Reduced memory consumption when incrementally transferring a large number of small directories.
- On the macOS platform, the "--atimes" option is provided.
- Implemented the ability to update xattrs attributes for files in read-only mode if the user has permission to change access rights (for example, when running as root).
- Added and enabled by default parameter "--info=NONREG" to display warnings about transferring special files.
- The rrsync (restricted rsync) script has been rewritten in Python. Added new options "-munge", "-no-lock" and "-no-del". The "--copy-links" (-L), "--copy-dirlinks" (-k), and "--keep-dirlinks" (-K) options are disabled by default to make attacks that manipulate symbolic links to directories more difficult.
- The atomic-rsync script has been rewritten in Python and extended with the ability to ignore non-zero return codes. By default, code 24 is ignored when files go missing during rsync (for example, code 24 is returned for temporary files that were present at the time of initial indexing but were deleted by the time of migration).
- The munge-symlinks script has been rewritten in Python.
Source: opennet.ru