[pull] master from rclone:master#491
Merged
pull[bot] merged 5 commits intoJiaY-shi:masterfrom Feb 20, 2026
Merged
Conversation
Tar files created from the current directory (e.g. tar -czf archive.tar.gz .) produce entries prefixed with "./". When extracting, rclone's character encoding replaces the "." with a full-width dot (U+FF0E), creating a spurious directory instead of merging into the destination root. Strip the leading "./" from NameInArchive before processing. Only "./" is stripped specifically to avoid enabling path traversal attacks via "../". Fixes #9168
Co-authored-by: Jan-Philipp Reßler <xodarap@xodarap.de>
Use URLPathEscapeAll instead of URLPathEscape for path encoding. URLPathEscape relies on Go's url.URL.String() which only minimally escapes paths - reserved sub-delimiter characters like semicolons and equals signs pass through unescaped. Per RFC 3986 section 3.3, these characters must be percent-encoded when used as literal values in path segments. Some WebDAV servers (notably dCache/Jetty) interpret unescaped semicolons as path parameter delimiters, which truncates filenames at the semicolon position. URLPathEscapeAll encodes everything except [A-Za-z0-9/], which is safe for all servers. Fixes #9082
Add support for S3 Object Lock with the following new options: - --s3-object-lock-mode: set retention mode (GOVERNANCE/COMPLIANCE/copy) - --s3-object-lock-retain-until-date: set retention date (RFC3339/duration/copy) - --s3-object-lock-legal-hold-status: set legal hold (ON/OFF/copy) - --s3-bypass-governance-retention: bypass GOVERNANCE lock on delete - --s3-bucket-object-lock-enabled: enable Object Lock on bucket creation - --s3-object-lock-set-after-upload: apply lock via separate API calls The special value "copy" preserves the source object's setting when used with --metadata flag, enabling scenarios like cloning objects from COMPLIANCE to GOVERNANCE mode while preserving the original retention date. Includes integration tests that create a temporary Object Lock bucket covering: - Retention Mode and Date - Legal Hold - Apply settings after upload - Override protections using bypass-governance flag The tests are gracefully skipped on providers that do not support Object Lock. Fixes #4683 Closes #7894 #7893 #8866
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
4 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
See Commits and Changes for more details.
Created by
pull[bot] (v2.0.0-alpha.4)
Can you help keep this open source service alive? 💖 Please sponsor : )