- Update from version 3.2.6 to 3.2.7 - Update of rootfile not required - Changelog # NEWS for rsync 3.2.7 (20 Oct 2022) ### BUG FIXES: - Fixed the client-side validating of the remote sender's filtering behavior. - More fixes for the "unrequested file-list name" name, including a copy of "/" with `--relative` enabled and a copy with a lot of related paths with `--relative` enabled (often derived from a `--files-from` list). - When rsync gets an unpack error on an ACL, mention the filename. - Avoid over-setting sanitize_paths when a daemon is serving "/" (even if "use chroot" is false). ### ENHANCEMENTS: - Added negotiated daemon-auth support that allows a stronger checksum digest to be used to validate a user's login to the daemon. Added SHA512, SHA256, and SHA1 digests to MD5 & MD4. These new digests are at the highest priority in the new daemon-auth negotiation list. - Added support for the SHA1 digest in file checksums. While this tends to be overkill, it is available if someone really needs it. This overly-long checksum is at the lowest priority in the normal checksum negotiation list. See [`--checksum-choice`](rsync.1#opt) (`--cc`) and the `RSYNC_CHECKSUM_LIST` environment var for how to customize this. - Improved the xattr hash table to use a 64-bit key without slowing down the key's computation. This should make extra sure that a hash collision doesn't happen. - If the `--version` option is repeated (e.g. `-VV`) then the information is output in a (still readable) JSON format. Client side only. - The script `support/json-rsync-version` is available to get the JSON style version output from any rsync. The script accepts either text on stdin **or** an arg that specifies an rsync executable to run with a doubled `--version` option. If the text we get isn't already in JSON format, it is converted. Newer rsync versions will provide more complete json info than older rsync versions. Various tweaks are made to keep the flag names consistent across versions. - The [`use chroot`](rsyncd.conf.5#) daemon parameter now defaults to "unset" so that rsync can use chroot when it works and a sanitized copy when chroot is not supported (e.g., for a non-root daemon). Explicitly setting the parameter to true or false (on or off) behaves the same way as before. - The `--fuzzy` option was optimized a bit to try to cut down on the amount of computations when considering a big pool of files. The simple heuristic from Kenneth Finnegan resuled in about a 2x speedup. - If rsync is forced to use protocol 29 or before (perhaps due to talking to an rsync before 3.0.0), the modify time of a file is limited to 4-bytes. Rsync now interprets this value as an unsigned integer so that a current year past 2038 can continue to be represented. This does mean that years prior to 1970 cannot be represented in an older protocol, but this trade-off seems like the right choice given that (1) 2038 is very rapidly approaching, and (2) newer protocols support a much wider range of old and new dates. - The rsync client now treats an empty destination arg as an error, just like it does for an empty source arg. This doesn't affect a `host:` arg (which is treated the same as `host:.`) since the arg is not completely empty. The use of [`--old-args`](rsync.1#opt) (including via `RSYNC_OLD_ARGS`) allows the prior behavior of treating an empty destination arg as a ".". ### PACKAGING RELATED: - The checksum code now uses openssl's EVP methods, which gets rid of various deprecation warnings and makes it easy to support more digest methods. On newer systems, the MD4 digest is marked as legacy in the openssl code, which makes openssl refuse to support it via EVP. You can choose to ignore this and allow rsync's MD4 code to be used for older rsync connections (when talking to an rsync prior to 3.0.0) or you can choose to configure rsync to tell openssl to enable legacy algorithms (see below). - A simple openssl config file is supplied that can be installed for rsync to use. If you install packaging/openssl-rsync.cnf to a public spot (such as `/etc/ssl/openssl-rsync.cnf`) and then run configure with the option `--with-openssl-conf=/path/name.cnf`, this will cause rsync to export the configured path in the OPENSSL_CONF environment variable (when the variable is not already set). This will enable openssl's MD4 code for rsync to use. - The packager may wish to include an explicit "use chroot = true" in the top section of their supplied /etc/rsyncd.conf file if the daemon is being installed to run as the root user (though rsync should behave the same even with the value unset, a little extra paranoia doesn't hurt). - I've noticed that some packagers haven't installed support/nameconvert for users to use in their chrooted rsync configs. Even if it is not installed as an executable script (to avoid a python3 dependency) it would be good to install it with the other rsync-related support scripts. - It would be good to add support/json-rsync-version to the list of installed support scripts.
Signed-off-by: Adolf Belka adolf.belka@ipfire.org --- lfs/rsync | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/lfs/rsync b/lfs/rsync index 07a56f96d..abd5d5053 100644 --- a/lfs/rsync +++ b/lfs/rsync @@ -26,7 +26,7 @@ include Config
SUMMARY = Versatile tool for fast incremental file transfer
-VER = 3.2.6 +VER = 3.2.7
THISAPP = rsync-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -34,7 +34,7 @@ DL_FROM = $(URL_IPFIRE) DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP) PROG = rsync -PAK_VER = 16 +PAK_VER = 17
DEPS =
@@ -48,7 +48,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_BLAKE2 = fa0c4aa9cdffbc9ffd4f81e8c3cdc1fda7080f80c1923084c6d705e6872caaba31c13de4603c9462f312dbbdae76520c27d3f4f40b327f1e66c7127b1d05ea73 +$(DL_FILE)_BLAKE2 = 1b910b321e8d6b49af9f26bef813509f0da12dedd6857897de136d3617c68d38368ce05de13b9b0ef35a5452dca141ebdcdfb6af8456151d0ca0ad546452b504
install : $(TARGET)
Reviewed-by: Michael Tremer michael.tremer@ipfire.org
On 28 Nov 2022, at 13:23, Adolf Belka adolf.belka@ipfire.org wrote:
- Update from version 3.2.6 to 3.2.7
- Update of rootfile not required
- Changelog # NEWS for rsync 3.2.7 (20 Oct 2022)
### BUG FIXES:
- Fixed the client-side validating of the remote sender's filtering behavior.
- More fixes for the "unrequested file-list name" name, including a copy of
"/" with `--relative` enabled and a copy with a lot of related paths with `--relative` enabled (often derived from a `--files-from` list).
- When rsync gets an unpack error on an ACL, mention the filename.
- Avoid over-setting sanitize_paths when a daemon is serving "/" (even if
"use chroot" is false). ### ENHANCEMENTS:
- Added negotiated daemon-auth support that allows a stronger checksum digest
to be used to validate a user's login to the daemon. Added SHA512, SHA256, and SHA1 digests to MD5 & MD4. These new digests are at the highest priority in the new daemon-auth negotiation list.
- Added support for the SHA1 digest in file checksums. While this tends to be
overkill, it is available if someone really needs it. This overly-long checksum is at the lowest priority in the normal checksum negotiation list. See [`--checksum-choice`](rsync.1#opt) (`--cc`) and the `RSYNC_CHECKSUM_LIST` environment var for how to customize this.
- Improved the xattr hash table to use a 64-bit key without slowing down the
key's computation. This should make extra sure that a hash collision doesn't happen.
- If the `--version` option is repeated (e.g. `-VV`) then the information is
output in a (still readable) JSON format. Client side only.
- The script `support/json-rsync-version` is available to get the JSON style
version output from any rsync. The script accepts either text on stdin **or** an arg that specifies an rsync executable to run with a doubled `--version` option. If the text we get isn't already in JSON format, it is converted. Newer rsync versions will provide more complete json info than older rsync versions. Various tweaks are made to keep the flag names consistent across versions.
- The [`use chroot`](rsyncd.conf.5#) daemon parameter now defaults to "unset"
so that rsync can use chroot when it works and a sanitized copy when chroot is not supported (e.g., for a non-root daemon). Explicitly setting the parameter to true or false (on or off) behaves the same way as before.
- The `--fuzzy` option was optimized a bit to try to cut down on the amount of
computations when considering a big pool of files. The simple heuristic from Kenneth Finnegan resuled in about a 2x speedup.
- If rsync is forced to use protocol 29 or before (perhaps due to talking to an
rsync before 3.0.0), the modify time of a file is limited to 4-bytes. Rsync now interprets this value as an unsigned integer so that a current year past 2038 can continue to be represented. This does mean that years prior to 1970 cannot be represented in an older protocol, but this trade-off seems like the right choice given that (1) 2038 is very rapidly approaching, and (2) newer protocols support a much wider range of old and new dates.
- The rsync client now treats an empty destination arg as an error, just like
it does for an empty source arg. This doesn't affect a `host:` arg (which is treated the same as `host:.`) since the arg is not completely empty. The use of [`--old-args`](rsync.1#opt) (including via `RSYNC_OLD_ARGS`) allows the prior behavior of treating an empty destination arg as a ".". ### PACKAGING RELATED:
- The checksum code now uses openssl's EVP methods, which gets rid of various
deprecation warnings and makes it easy to support more digest methods. On newer systems, the MD4 digest is marked as legacy in the openssl code, which makes openssl refuse to support it via EVP. You can choose to ignore this and allow rsync's MD4 code to be used for older rsync connections (when talking to an rsync prior to 3.0.0) or you can choose to configure rsync to tell openssl to enable legacy algorithms (see below).
- A simple openssl config file is supplied that can be installed for rsync to
use. If you install packaging/openssl-rsync.cnf to a public spot (such as `/etc/ssl/openssl-rsync.cnf`) and then run configure with the option `--with-openssl-conf=/path/name.cnf`, this will cause rsync to export the configured path in the OPENSSL_CONF environment variable (when the variable is not already set). This will enable openssl's MD4 code for rsync to use.
- The packager may wish to include an explicit "use chroot = true" in the top
section of their supplied /etc/rsyncd.conf file if the daemon is being installed to run as the root user (though rsync should behave the same even with the value unset, a little extra paranoia doesn't hurt).
- I've noticed that some packagers haven't installed support/nameconvert for
users to use in their chrooted rsync configs. Even if it is not installed as an executable script (to avoid a python3 dependency) it would be good to install it with the other rsync-related support scripts.
- It would be good to add support/json-rsync-version to the list of installed
support scripts.
Signed-off-by: Adolf Belka adolf.belka@ipfire.org
lfs/rsync | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/lfs/rsync b/lfs/rsync index 07a56f96d..abd5d5053 100644 --- a/lfs/rsync +++ b/lfs/rsync @@ -26,7 +26,7 @@ include Config
SUMMARY = Versatile tool for fast incremental file transfer
-VER = 3.2.6 +VER = 3.2.7
THISAPP = rsync-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -34,7 +34,7 @@ DL_FROM = $(URL_IPFIRE) DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP) PROG = rsync -PAK_VER = 16 +PAK_VER = 17
DEPS =
@@ -48,7 +48,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_BLAKE2 = fa0c4aa9cdffbc9ffd4f81e8c3cdc1fda7080f80c1923084c6d705e6872caaba31c13de4603c9462f312dbbdae76520c27d3f4f40b327f1e66c7127b1d05ea73 +$(DL_FILE)_BLAKE2 = 1b910b321e8d6b49af9f26bef813509f0da12dedd6857897de136d3617c68d38368ce05de13b9b0ef35a5452dca141ebdcdfb6af8456151d0ca0ad546452b504
install : $(TARGET)
-- 2.38.1