From mboxrd@z Thu Jan 1 00:00:00 1970 From: Michael Tremer To: development@lists.ipfire.org Subject: Re: [PATCH] rsync: Update to version 3.2.7 Date: Mon, 28 Nov 2022 13:30:06 +0000 Message-ID: In-Reply-To: <20221128132338.1572561-1-adolf.belka@ipfire.org> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============7315149783407809755==" List-Id: --===============7315149783407809755== Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Reviewed-by: Michael Tremer > On 28 Nov 2022, at 13:23, Adolf Belka wrote: >=20 > - Update from version 3.2.6 to 3.2.7 > - Update of rootfile not required > - Changelog > # NEWS for rsync 3.2.7 (20 Oct 2022) > ### BUG FIXES: > - Fixed the client-side validating of the remote sender's filtering behavio= r. > - More fixes for the "unrequested file-list name" name, including a copy of > "/" with `--relative` enabled and a copy with a lot of related paths with > `--relative` enabled (often derived from a `--files-from` list). > - When rsync gets an unpack error on an ACL, mention the filename. > - Avoid over-setting sanitize_paths when a daemon is serving "/" (even if > "use chroot" is false). > ### ENHANCEMENTS: > - Added negotiated daemon-auth support that allows a stronger checksum dige= st > to be used to validate a user's login to the daemon. Added SHA512, SHA256, > and SHA1 digests to MD5 & MD4. These new digests are at the highest prior= ity > in the new daemon-auth negotiation list. > - Added support for the SHA1 digest in file checksums. While this tends to= be > overkill, it is available if someone really needs it. This overly-long > checksum is at the lowest priority in the normal checksum negotiation list. > See [`--checksum-choice`](rsync.1#opt) (`--cc`) and the `RSYNC_CHECKSUM_LI= ST` > environment var for how to customize this. > - Improved the xattr hash table to use a 64-bit key without slowing down the > key's computation. This should make extra sure that a hash collision does= n't > happen. > - If the `--version` option is repeated (e.g. `-VV`) then the information is > output in a (still readable) JSON format. Client side only. > - The script `support/json-rsync-version` is available to get the JSON style > version output from any rsync. The script accepts either text on stdin > **or** an arg that specifies an rsync executable to run with a doubled > `--version` option. If the text we get isn't already in JSON format, it is > converted. Newer rsync versions will provide more complete json info than > older rsync versions. Various tweaks are made to keep the flag names > consistent across versions. > - The [`use chroot`](rsyncd.conf.5#) daemon parameter now defaults to "unse= t" > so that rsync can use chroot when it works and a sanitized copy when chroot > is not supported (e.g., for a non-root daemon). Explicitly setting the > parameter to true or false (on or off) behaves the same way as before. > - The `--fuzzy` option was optimized a bit to try to cut down on the amount= of > computations when considering a big pool of files. The simple heuristic fr= om > Kenneth Finnegan resuled in about a 2x speedup. > - If rsync is forced to use protocol 29 or before (perhaps due to talking t= o an > rsync before 3.0.0), the modify time of a file is limited to 4-bytes. Rsy= nc > now interprets this value as an unsigned integer so that a current year pa= st > 2038 can continue to be represented. This does mean that years prior to 19= 70 > cannot be represented in an older protocol, but this trade-off seems like = the > right choice given that (1) 2038 is very rapidly approaching, and (2) newer > protocols support a much wider range of old and new dates. > - The rsync client now treats an empty destination arg as an error, just li= ke > it does for an empty source arg. This doesn't affect a `host:` arg (which = is > treated the same as `host:.`) since the arg is not completely empty. The = use > of [`--old-args`](rsync.1#opt) (including via `RSYNC_OLD_ARGS`) allows the > prior behavior of treating an empty destination arg as a ".". > ### PACKAGING RELATED: > - The checksum code now uses openssl's EVP methods, which gets rid of vario= us > deprecation warnings and makes it easy to support more digest methods. On > newer systems, the MD4 digest is marked as legacy in the openssl code, whi= ch > makes openssl refuse to support it via EVP. You can choose to ignore this > and allow rsync's MD4 code to be used for older rsync connections (when > talking to an rsync prior to 3.0.0) or you can choose to configure rsync to > tell openssl to enable legacy algorithms (see below). > - A simple openssl config file is supplied that can be installed for rsync = to > use. If you install packaging/openssl-rsync.cnf to a public spot (such as > `/etc/ssl/openssl-rsync.cnf`) and then run configure with the option > `--with-openssl-conf=3D/path/name.cnf`, this will cause rsync to export the > configured path in the OPENSSL_CONF environment variable (when the variable > is not already set). This will enable openssl's MD4 code for rsync to use. > - The packager may wish to include an explicit "use chroot =3D true" in the= top > section of their supplied /etc/rsyncd.conf file if the daemon is being > installed to run as the root user (though rsync should behave the same even > with the value unset, a little extra paranoia doesn't hurt). > - I've noticed that some packagers haven't installed support/nameconvert for > users to use in their chrooted rsync configs. Even if it is not installed > as an executable script (to avoid a python3 dependency) it would be good to > install it with the other rsync-related support scripts. > - It would be good to add support/json-rsync-version to the list of install= ed > support scripts. >=20 > Signed-off-by: Adolf Belka > --- > lfs/rsync | 6 +++--- > 1 file changed, 3 insertions(+), 3 deletions(-) >=20 > diff --git a/lfs/rsync b/lfs/rsync > index 07a56f96d..abd5d5053 100644 > --- a/lfs/rsync > +++ b/lfs/rsync > @@ -26,7 +26,7 @@ include Config >=20 > SUMMARY =3D Versatile tool for fast incremental file transfer >=20 > -VER =3D 3.2.6 > +VER =3D 3.2.7 >=20 > THISAPP =3D rsync-$(VER) > DL_FILE =3D $(THISAPP).tar.gz > @@ -34,7 +34,7 @@ DL_FROM =3D $(URL_IPFIRE) > DIR_APP =3D $(DIR_SRC)/$(THISAPP) > TARGET =3D $(DIR_INFO)/$(THISAPP) > PROG =3D rsync > -PAK_VER =3D 16 > +PAK_VER =3D 17 >=20 > DEPS =3D >=20 > @@ -48,7 +48,7 @@ objects =3D $(DL_FILE) >=20 > $(DL_FILE) =3D $(DL_FROM)/$(DL_FILE) >=20 > -$(DL_FILE)_BLAKE2 =3D fa0c4aa9cdffbc9ffd4f81e8c3cdc1fda7080f80c1923084c6d7= 05e6872caaba31c13de4603c9462f312dbbdae76520c27d3f4f40b327f1e66c7127b1d05ea73 > +$(DL_FILE)_BLAKE2 =3D 1b910b321e8d6b49af9f26bef813509f0da12dedd6857897de13= 6d3617c68d38368ce05de13b9b0ef35a5452dca141ebdcdfb6af8456151d0ca0ad546452b504 >=20 > install : $(TARGET) >=20 > --=20 > 2.38.1 >=20 --===============7315149783407809755==--