Commit Graph

819 Commits

Author SHA1 Message Date
Axel Kittenberger
e9ffda07f0 Merge pull request #298 from creshal/master
Properly sanitize mv parameters (CVE-2014-8990)
2014-11-26 11:39:46 +01:00
Ángel González
e6016b3748 Properly sanitize mv parameters (CVE-2014-8990)
When using -rsyncssh option, some filenames
could -in addition of not syncing correctly-
crash the service and execute arbitrary commands
under the credentials of the remote user.

These issues have been assigned CVE-2014-8990

This commit fixes the incomplete and lua5.2-incompatible
sanitization performed by 18f02ad0

Signed-off-by: Sven Schwedas <sven.schwedas@tao.at>
2014-11-26 09:01:25 +01:00
Sven Schwedas
18f02ad013 Sanitize mv arguments:
1. Fixes crashes on file names containing `, $ or "
2. Also prevents shell execution of ``, $() … in file names, which can be
   used to gain remote shell access as lsyncd's (target) user.
2014-10-29 13:32:20 +01:00
Roland Walker
aea57a5a11 Clarify the disclaimer.
The previous phrasing might be misread as claiming responsibility
rather than disclaiming it.
2014-07-08 10:43:52 -04:00
Axel Kittenberger
4da2257758 adding install targets and reenabling the manpage stuff 2014-04-29 16:38:25 +02:00
Axel Kittenberger
f199fd1866 this can now also go 2014-04-29 16:19:18 +02:00
Axel Kittenberger
8572a6dacc simply adding the compiled manpage to the git repository. that is giving up the idea not to put anything generated into the source repository. it is going to be easier that way. 2014-04-29 16:18:06 +02:00
Axel Kittenberger
23dfeb6a05 ignoring stuff for intree builds 2014-04-29 16:13:12 +02:00
Axel Kittenberger
b6228f442d Replacing autotools with CMake 2014-04-29 16:11:27 +02:00
Axel Kittenberger
0a1cab6609 updating changelog 2014-04-24 13:33:07 +02:00
Axel Kittenberger
6d69134971 Merge pull request #238 from st63jun/fix-logging-msg
Fix logging message
2014-04-24 13:17:21 +02:00
Axel Kittenberger
110a525392 Merge pull request #255 from plouj/patch-1
Typo in print format.
2014-04-24 12:47:25 +02:00
Axel Kittenberger
f8fea06944 Merge pull request #253 from exKAZUu/master 2014-04-24 12:45:15 +02:00
Axel Kittenberger
85e95ef150 cosmetics 2014-02-28 10:15:48 +01:00
Michael Ploujnikov
786f37d22d Typo in print format.
This causes a segfault when addwatch fails due to a disappeared
directory. Eg: often caused by a race condition with a short lived
directory created by Firefox' safebrowsing subsystem:
~/.cache/mozilla/firefox/pr0f1l3.default/safebrowsing-to_delete/
2014-01-08 23:21:18 -05:00
Kazunori SAKAMOTO
7addc7060b Add missed comma. 2014-01-03 17:11:48 +09:00
Axel Kittenberger
178f315907 Merge pull request #246 from andrewfenn/patch-1
Fix for older kernels to make sure O_CLOEXEC is defined
2013-11-11 01:24:53 -08:00
Andrew Fenn
b2383227cd Fix for older kernels to make sure O_CLOEXEC is defined
This patch fixes an issue where I was getting build errors that O_CLOEXEC was undefined on an older 2.6.32 kernel. Even though the flag is supported in this kernel it was not getting defined.
2013-10-30 13:03:24 +07:00
Jun SAITO
1bfd98d64d Fix logging message 2013-09-30 23:05:59 +09:00
Axel Kittenberger
c23e9841ee a2x instead of 2013-09-15 18:03:27 +02:00
Axel Kittenberger
b6f4c6f990 Merge pull request #231 from rhunter/patch-1
Link to official BindFS homepage in README
2013-08-06 21:27:56 -07:00
Rob Hunter
54e721e94b Update README link to latest official home 2013-08-07 13:34:52 +10:00
Axel Kittenberger
25d2405906 lock pidfile, remove pidfile on INT or TERM 2013-07-30 12:20:23 +02:00
Axel Kittenberger
6f4613c53a adding ssh.identityFile and ssh.options options 2013-07-30 11:16:29 +02:00
Axel Kittenberger
1dacb68745 Merge pull request #221 from dreiss/config
Fixes for parsing excludes file
2013-07-07 23:15:33 -07:00
David Reiss
d772fcba0f Ignore blank lines and rsync comments in excludes file 2013-07-05 10:46:27 -07:00
David Reiss
716b88909a Escape + in pattern for extra safety
The old version worked, but it seems like an accident that a "+" after a
"*" is treated as a literal "+" and not a repetition.
2013-07-05 10:45:56 -07:00
David Reiss
502e2e0eed Don't treat exclude lines with embedded "+" characters as inclusions
Previously, this code prevented any file name with a "+" character from
being excluded.
2013-07-05 10:27:18 -07:00
Axel Kittenberger
e880c607be wrong month :/ 2013-06-07 14:44:14 +02:00
Axel Kittenberger
d0c9a60213 changing delay from command line to a number 2013-06-07 14:24:02 +02:00
Axel Kittenberger
c785f0a2ad Changelog 2013-06-07 14:10:39 +02:00
Axel Kittenberger
1c299c14dd checking delay to a number > 0 2013-06-07 14:09:57 +02:00
Axel Kittenberger
3aa8ed1182 * fixing ssh port overwriting the last rsync option
* preparing 2.1.5
2013-06-07 13:40:54 +02:00
Axel Kittenberger
7fe13abab8 Merge branch 'master' of https://github.com/axkibe/lsyncd 2013-06-07 13:26:03 +02:00
Axel Kittenberger
72fa0e8865 Merge branch 'master' of github.com:axkibe/lsyncd 2013-06-07 13:23:55 +02:00
Axel Kittenberger
6290bd6ea7 + fixing 0 characters in -log Exec message for pipes 2013-06-07 11:12:24 +02:00
Axel Kittenberger
25a2274d83 added bwlimit 2013-06-07 11:11:42 +02:00
Axel Kittenberger
eb4370db9c a2x is actually not required when building from a tarball 2013-06-07 10:13:55 +02:00
Axel Kittenberger
ec15abd244 bugfix: don't replace variables when spawning binary, by flygoast 2013-06-07 10:10:14 +02:00
Axel Kittenberger
d0e56565a8 Merge pull request #213 from flygoast/master
fix the size of the buffer allocated for pipemsg
2013-06-06 10:53:36 -07:00
flygoast
367d5e940a bugfix: fix the buffer size of pipemsg 2013-06-07 00:23:50 +08:00
Axel Kittenberger
3c9f88330b link to libmath when checking for LUA_COMPAT 2013-06-03 14:15:46 +02:00
Axel Kittenberger
46d23d59b3 Merge branch 'master' of github.com:axkibe/lsyncd 2013-05-15 00:44:36 +02:00
Axel Kittenberger
6c6ab9adf0 adding onAttrib to checkgauge 2013-05-14 23:13:09 +02:00
Axel Kittenberger
9619062764 Merge pull request #203 from grooverdan/docfix
Fix documentation spelling bits, and a few links
2013-05-14 14:08:20 -07:00
Daniel Black
99ea89ad0d Fix documentation spelling bits, and a few links 2013-05-04 13:11:09 +10:00
Axel Kittenberger
dd4a1134a5 Merge pull request #195 from kashyapp/master
Adding --timeout to default.rsync
2013-03-20 04:51:32 -07:00
Kashyap Paidimarri
769fb3c26b Adding timeout to default.rsync 2013-03-19 12:55:34 +05:30
Axel Kittenberger
c13af5df7e Merge pull request #190 from kenyon/patch-2
README.md: update link to latest manual
2013-03-15 02:39:45 -07:00
Kenyon Ralph
8c36e20877 README.md: update link to latest manual 2013-03-15 02:37:25 -07:00