Re: [PATCH] rsync: Update to version 3.2.7

[Michael Tremer <michael.tremer@ipfire.org>]

[-- Attachment #1: Type: text/plain, Size: 6607 bytes --]

Reviewed-by: Michael Tremer <michael.tremer(a)ipfire.org>

> On 28 Nov 2022, at 13:23, Adolf Belka <adolf.belka(a)ipfire.org> wrote:
> 
> - Update from version 3.2.6 to 3.2.7
> - Update of rootfile not required
> - Changelog
>    # NEWS for rsync 3.2.7 (20 Oct 2022)
> ### BUG FIXES:
> - Fixed the client-side validating of the remote sender's filtering behavior.
> - More fixes for the "unrequested file-list name" name, including a copy of
>  "/" with `--relative` enabled and a copy with a lot of related paths with
>  `--relative` enabled (often derived from a `--files-from` list).
> - When rsync gets an unpack error on an ACL, mention the filename.
> - Avoid over-setting sanitize_paths when a daemon is serving "/" (even if
>  "use chroot" is false).
> ### ENHANCEMENTS:
> - Added negotiated daemon-auth support that allows a stronger checksum digest
>  to be used to validate a user's login to the daemon.  Added SHA512, SHA256,
>  and SHA1 digests to MD5 & MD4.  These new digests are at the highest priority
>  in the new daemon-auth negotiation list.
> - Added support for the SHA1 digest in file checksums.  While this tends to be
>  overkill, it is available if someone really needs it.  This overly-long
>  checksum is at the lowest priority in the normal checksum negotiation list.
>  See [`--checksum-choice`](rsync.1#opt) (`--cc`) and the `RSYNC_CHECKSUM_LIST`
>  environment var for how to customize this.
> - Improved the xattr hash table to use a 64-bit key without slowing down the
>  key's computation.  This should make extra sure that a hash collision doesn't
>  happen.
> - If the `--version` option is repeated (e.g. `-VV`) then the information is
>  output in a (still readable) JSON format.  Client side only.
> - The script `support/json-rsync-version` is available to get the JSON style
>  version output from any rsync.  The script accepts either text on stdin
>  **or** an arg that specifies an rsync executable to run with a doubled
>  `--version` option.  If the text we get isn't already in JSON format, it is
>  converted. Newer rsync versions will provide more complete json info than
>  older rsync versions. Various tweaks are made to keep the flag names
>  consistent across versions.
> - The [`use chroot`](rsyncd.conf.5#) daemon parameter now defaults to "unset"
>  so that rsync can use chroot when it works and a sanitized copy when chroot
>  is not supported (e.g., for a non-root daemon).  Explicitly setting the
>  parameter to true or false (on or off) behaves the same way as before.
> - The `--fuzzy` option was optimized a bit to try to cut down on the amount of
>  computations when considering a big pool of files. The simple heuristic from
>  Kenneth Finnegan resuled in about a 2x speedup.
> - If rsync is forced to use protocol 29 or before (perhaps due to talking to an
>  rsync before 3.0.0), the modify time of a file is limited to 4-bytes.  Rsync
>  now interprets this value as an unsigned integer so that a current year past
>  2038 can continue to be represented. This does mean that years prior to 1970
>  cannot be represented in an older protocol, but this trade-off seems like the
>  right choice given that (1) 2038 is very rapidly approaching, and (2) newer
>  protocols support a much wider range of old and new dates.
> - The rsync client now treats an empty destination arg as an error, just like
>  it does for an empty source arg. This doesn't affect a `host:` arg (which is
>  treated the same as `host:.`) since the arg is not completely empty.  The use
>  of [`--old-args`](rsync.1#opt) (including via `RSYNC_OLD_ARGS`) allows the
>  prior behavior of treating an empty destination arg as a ".".
> ### PACKAGING RELATED:
> - The checksum code now uses openssl's EVP methods, which gets rid of various
>  deprecation warnings and makes it easy to support more digest methods.  On
>  newer systems, the MD4 digest is marked as legacy in the openssl code, which
>  makes openssl refuse to support it via EVP.  You can choose to ignore this
>  and allow rsync's MD4 code to be used for older rsync connections (when
>  talking to an rsync prior to 3.0.0) or you can choose to configure rsync to
>  tell openssl to enable legacy algorithms (see below).
> - A simple openssl config file is supplied that can be installed for rsync to
>  use.  If you install packaging/openssl-rsync.cnf to a public spot (such as
>  `/etc/ssl/openssl-rsync.cnf`) and then run configure with the option
>  `--with-openssl-conf=/path/name.cnf`, this will cause rsync to export the
>  configured path in the OPENSSL_CONF environment variable (when the variable
>  is not already set).  This will enable openssl's MD4 code for rsync to use.
> - The packager may wish to include an explicit "use chroot = true" in the top
>  section of their supplied /etc/rsyncd.conf file if the daemon is being
>  installed to run as the root user (though rsync should behave the same even
>  with the value unset, a little extra paranoia doesn't hurt).
> - I've noticed that some packagers haven't installed support/nameconvert for
>  users to use in their chrooted rsync configs.  Even if it is not installed
>  as an executable script (to avoid a python3 dependency) it would be good to
>  install it with the other rsync-related support scripts.
> - It would be good to add support/json-rsync-version to the list of installed
>  support scripts.
> 
> Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
> ---
> lfs/rsync | 6 +++---
> 1 file changed, 3 insertions(+), 3 deletions(-)
> 
> diff --git a/lfs/rsync b/lfs/rsync
> index 07a56f96d..abd5d5053 100644
> --- a/lfs/rsync
> +++ b/lfs/rsync
> @@ -26,7 +26,7 @@ include Config
> 
> SUMMARY    = Versatile tool for fast incremental file transfer
> 
> -VER        = 3.2.6
> +VER        = 3.2.7
> 
> THISAPP    = rsync-$(VER)
> DL_FILE    = $(THISAPP).tar.gz
> @@ -34,7 +34,7 @@ DL_FROM    = $(URL_IPFIRE)
> DIR_APP    = $(DIR_SRC)/$(THISAPP)
> TARGET     = $(DIR_INFO)/$(THISAPP)
> PROG       = rsync
> -PAK_VER    = 16
> +PAK_VER    = 17
> 
> DEPS       =
> 
> @@ -48,7 +48,7 @@ objects = $(DL_FILE)
> 
> $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
> 
> -$(DL_FILE)_BLAKE2 = fa0c4aa9cdffbc9ffd4f81e8c3cdc1fda7080f80c1923084c6d705e6872caaba31c13de4603c9462f312dbbdae76520c27d3f4f40b327f1e66c7127b1d05ea73
> +$(DL_FILE)_BLAKE2 = 1b910b321e8d6b49af9f26bef813509f0da12dedd6857897de136d3617c68d38368ce05de13b9b0ef35a5452dca141ebdcdfb6af8456151d0ca0ad546452b504
> 
> install : $(TARGET)
> 
> -- 
> 2.38.1
>