From 0154da61390c56ed7c6d0a5a5ee9d66664ce565badc23bfbfb6ed3a098249c1b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Adrian=20Schr=C3=B6ter?= Date: Sat, 4 May 2024 00:10:06 +0200 Subject: [PATCH] Sync from SUSE:SLFO:Main rsync revision 5aae52720cdc30fbf47309e420825c93 --- .gitattributes | 23 + logrotate.rsync | 11 + rsync-3.2.7.tar.gz | 3 + rsync-3.2.7.tar.gz.asc | 6 + rsync-fortified-strlcpy-fix.patch | 48 ++ rsync-no-libattr.patch | 13 + rsync-patches-3.2.7.tar.gz | 3 + rsync-patches-3.2.7.tar.gz.asc | 6 + rsync.changes | 1257 +++++++++++++++++++++++++++++ rsync.keyring | 32 + rsync.spec | 204 +++++ rsyncd | 6 + rsyncd.conf | 16 + rsyncd.rc | 137 ++++ rsyncd.secrets | 1 + rsyncd.service | 22 + rsyncd.socket | 10 + rsyncd@.service | 11 + 18 files changed, 1809 insertions(+) create mode 100644 .gitattributes create mode 100644 logrotate.rsync create mode 100644 rsync-3.2.7.tar.gz create mode 100644 rsync-3.2.7.tar.gz.asc create mode 100644 rsync-fortified-strlcpy-fix.patch create mode 100644 rsync-no-libattr.patch create mode 100644 rsync-patches-3.2.7.tar.gz create mode 100644 rsync-patches-3.2.7.tar.gz.asc create mode 100644 rsync.changes create mode 100644 rsync.keyring create mode 100644 rsync.spec create mode 100644 rsyncd create mode 100644 rsyncd.conf create mode 100644 rsyncd.rc create mode 100644 rsyncd.secrets create mode 100644 rsyncd.service create mode 100644 rsyncd.socket create mode 100644 rsyncd@.service diff --git a/.gitattributes b/.gitattributes new file mode 100644 index 0000000..9b03811 --- /dev/null +++ b/.gitattributes @@ -0,0 +1,23 @@ +## Default LFS +*.7z filter=lfs diff=lfs merge=lfs -text +*.bsp filter=lfs diff=lfs merge=lfs -text +*.bz2 filter=lfs diff=lfs merge=lfs -text +*.gem filter=lfs diff=lfs merge=lfs -text +*.gz filter=lfs diff=lfs merge=lfs -text +*.jar filter=lfs diff=lfs merge=lfs -text +*.lz filter=lfs diff=lfs merge=lfs -text +*.lzma filter=lfs diff=lfs merge=lfs -text +*.obscpio filter=lfs diff=lfs merge=lfs -text +*.oxt filter=lfs diff=lfs merge=lfs -text +*.pdf filter=lfs diff=lfs merge=lfs -text +*.png filter=lfs diff=lfs merge=lfs -text +*.rpm filter=lfs diff=lfs merge=lfs -text +*.tbz filter=lfs diff=lfs merge=lfs -text +*.tbz2 filter=lfs diff=lfs merge=lfs -text +*.tgz filter=lfs diff=lfs merge=lfs -text +*.ttf filter=lfs diff=lfs merge=lfs -text +*.txz filter=lfs diff=lfs merge=lfs -text +*.whl filter=lfs diff=lfs merge=lfs -text +*.xz filter=lfs diff=lfs merge=lfs -text +*.zip filter=lfs diff=lfs merge=lfs -text +*.zst filter=lfs diff=lfs merge=lfs -text diff --git a/logrotate.rsync b/logrotate.rsync new file mode 100644 index 0000000..54b80ae --- /dev/null +++ b/logrotate.rsync @@ -0,0 +1,11 @@ +/var/log/rsyncd.log { + compress + dateext + maxage 365 + rotate 99 + size=+1024k + notifempty + missingok + copytruncate +} + diff --git a/rsync-3.2.7.tar.gz b/rsync-3.2.7.tar.gz new file mode 100644 index 0000000..bf5bef1 --- /dev/null +++ b/rsync-3.2.7.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:4e7d9d3f6ed10878c58c5fb724a67dacf4b6aac7340b13e488fb2dc41346f2bb +size 1149787 diff --git a/rsync-3.2.7.tar.gz.asc b/rsync-3.2.7.tar.gz.asc new file mode 100644 index 0000000..68ab590 --- /dev/null +++ b/rsync-3.2.7.tar.gz.asc @@ -0,0 +1,6 @@ +-----BEGIN PGP SIGNATURE----- + +iF0EABECAB0WIQQASMiwJtTJbw5YnC9shZ+xS5aoxQUCY1HvAwAKCRBshZ+xS5ao +xZFiAKC3MJgYOMf5VfpfAbld/+ydZRznMQCgkF/yaDJvKMNOslSRNuMZ/eXZ84g= +=Q+uI +-----END PGP SIGNATURE----- diff --git a/rsync-fortified-strlcpy-fix.patch b/rsync-fortified-strlcpy-fix.patch new file mode 100644 index 0000000..d01d078 --- /dev/null +++ b/rsync-fortified-strlcpy-fix.patch @@ -0,0 +1,48 @@ +From 1f83963f59960150e8c46112daa8411324c1f209 Mon Sep 17 00:00:00 2001 +From: Jiri Slaby +Date: Fri, 18 Aug 2023 08:26:20 +0200 +Subject: [PATCH] exclude: fix crashes with fortified strlcpy() + +Fortified (-D_FORTIFY_SOURCE=2 for gcc) builds make strlcpy() crash when +its third parameter (size) is larger than the buffer: + $ rsync -FFXHav '--filter=merge global-rsync-filter' Align-37-43/ xxx + sending incremental file list + *** buffer overflow detected ***: terminated + +It's in the exclude code in setup_merge_file(): + strlcpy(y, save, MAXPATHLEN); + +Note the 'y' pointer was incremented, so it no longer points to memory +with MAXPATHLEN "owned" bytes. + +Fix it by remembering the number of copied bytes into the 'save' buffer +and use that instead of MAXPATHLEN which is clearly incorrect. + +Fixes #511. +--- + exclude.c | 5 +++-- + 1 file changed, 3 insertions(+), 2 deletions(-) + +diff --git a/exclude.c b/exclude.c +index ffe55b167..1a5de3b9e 100644 +--- a/exclude.c ++++ b/exclude.c +@@ -720,7 +720,8 @@ static BOOL setup_merge_file(int mergelist_num, filter_rule *ex, + parent_dirscan = True; + while (*y) { + char save[MAXPATHLEN]; +- strlcpy(save, y, MAXPATHLEN); ++ /* copylen is strlen(y) which is < MAXPATHLEN. +1 for \0 */ ++ size_t copylen = strlcpy(save, y, MAXPATHLEN) + 1; + *y = '\0'; + dirbuf_len = y - dirbuf; + strlcpy(x, ex->pattern, MAXPATHLEN - (x - buf)); +@@ -734,7 +735,7 @@ static BOOL setup_merge_file(int mergelist_num, filter_rule *ex, + lp->head = NULL; + } + lp->tail = NULL; +- strlcpy(y, save, MAXPATHLEN); ++ strlcpy(y, save, copylen); + while ((*x++ = *y++) != '/') {} + } + parent_dirscan = False; diff --git a/rsync-no-libattr.patch b/rsync-no-libattr.patch new file mode 100644 index 0000000..9410aab --- /dev/null +++ b/rsync-no-libattr.patch @@ -0,0 +1,13 @@ +Index: rsync-3.2.2/configure.ac +=================================================================== +--- rsync-3.2.2.orig/configure.ac ++++ rsync-3.2.2/configure.ac +@@ -1309,7 +1309,7 @@ else + AC_DEFINE(HAVE_LINUX_XATTRS, 1, [True if you have Linux xattrs (or equivalent)]) + AC_DEFINE(SUPPORT_XATTRS, 1) + AC_DEFINE(NO_SYMLINK_USER_XATTRS, 1, [True if symlinks do not support user xattrs]) +- AC_CHECK_LIB(attr,getxattr) ++ AC_SEARCH_LIBS([getxattr], [attr]) + ;; + darwin*) + AC_MSG_RESULT(Using OS X xattrs) diff --git a/rsync-patches-3.2.7.tar.gz b/rsync-patches-3.2.7.tar.gz new file mode 100644 index 0000000..c66c0df --- /dev/null +++ b/rsync-patches-3.2.7.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:e7e5e9ea0b6dd7639c7a5c6f49a1d06be20d449d59f60ba59b238e1aa79b13f0 +size 99514 diff --git a/rsync-patches-3.2.7.tar.gz.asc b/rsync-patches-3.2.7.tar.gz.asc new file mode 100644 index 0000000..f878511 --- /dev/null +++ b/rsync-patches-3.2.7.tar.gz.asc @@ -0,0 +1,6 @@ +-----BEGIN PGP SIGNATURE----- + +iF0EABECAB0WIQQASMiwJtTJbw5YnC9shZ+xS5aoxQUCY1HvAwAKCRBshZ+xS5ao +xR3uAJ46yBJwj44DSq5YGtnUJKhLHUJLjwCfbcdunUI6bpF6Yp4IGgPUSxHIsoI= +=+RP4 +-----END PGP SIGNATURE----- diff --git a/rsync.changes b/rsync.changes new file mode 100644 index 0000000..ba41ba9 --- /dev/null +++ b/rsync.changes @@ -0,0 +1,1257 @@ +------------------------------------------------------------------- +Wed Sep 6 09:52:41 UTC 2023 - David Anes + +- Rename patch to follow naming patch policies: + fortified-strlcpy-fix.patch -> rsync-fortified-strlcpy-fix.patch + +------------------------------------------------------------------- +Wed Sep 6 09:19:36 UTC 2023 - Thorsten Kukuk + +- Use "slp" for bcond, not "openslp", like we use for all other + packages, too. +- Disable slp patch and configure option if bcond slp is disabled. + +------------------------------------------------------------------- +Tue Sep 5 12:07:57 UTC 2023 - Dirk Müller + +- add fortified-strlcpy-fix.patch (bsc#1214616, bsc#1214249) + +------------------------------------------------------------------- +Tue Sep 5 11:11:04 UTC 2023 - Fabian Vogt + +- Disable openslp support on new distros (bsc#1214884) + +------------------------------------------------------------------- +Wed Jul 26 15:07:23 UTC 2023 - Antonio Teixeira + +- Add support directory to %docdir. + Includes some upstream provided scripts such as rrsync. (bsc#1212198) + +------------------------------------------------------------------- +Thu Apr 6 11:03:52 UTC 2023 - Johannes Segitz + +- Switch rsyncd symlink to a wrapper script to allow setting a distinct + SELinux type (bsc#1209654) + +------------------------------------------------------------------- +Fri Oct 21 07:52:48 UTC 2022 - Michael Ströder + +- New version fixes bug (boo#1203727): implicit containing directory + sometimes rejected as unrequested + +- update to 3.2.7 + * BUG FIXES: + - Fixed the client-side validating of the remote sender's filtering behavior. + - More fixes for the "unrequested file-list name" name, including a copy of + "/" with `--relative` enabled and a copy with a lot of related paths with + `--relative` enabled (often derived from a `--files-from` list). + - When rsync gets an unpack error on an ACL, mention the filename. + - Avoid over-setting sanitize_paths when a daemon is serving "/" (even if + "use chroot" is false). + * ENHANCEMENTS: + - Added negotiated daemon-auth support that allows a stronger checksum digest + to be used to validate a user's login to the daemon. Added SHA512, SHA256, + and SHA1 digests to MD5 & MD4. These new digests are at the highest priority + in the new daemon-auth negotiation list. + - Added support for the SHA1 digest in file checksums. While this tends to be + overkill, it is available if someone really needs it. This overly-long + checksum is at the lowest priority in the normal checksum negotiation list. + See [`--checksum-choice`](rsync.1#opt) (`--cc`) and the `RSYNC_CHECKSUM_LIST` + environment var for how to customize this. + - Improved the xattr hash table to use a 64-bit key without slowing down the + key's computation. This should make extra sure that a hash collision doesn't + happen. + - If the `--version` option is repeated (e.g. `-VV`) then the information is + output in a (still readable) JSON format. Client side only. + - The script `support/json-rsync-version` is available to get the JSON style + version output from any rsync. The script accepts either text on stdin + **or** an arg that specifies an rsync executable to run with a doubled + `--version` option. If the text we get isn't already in JSON format, it is + converted. Newer rsync versions will provide more complete json info than + older rsync versions. Various tweaks are made to keep the flag names + consistent across versions. + - The [`use chroot`](rsyncd.conf.5#) daemon parameter now defaults to "unset" + so that rsync can use chroot when it works and a sanitized copy when chroot + is not supported (e.g., for a non-root daemon). Explicitly setting the + parameter to true or false (on or off) behaves the same way as before. + - The `--fuzzy` option was optimized a bit to try to cut down on the amount of + computations when considering a big pool of files. The simple heuristic from + Kenneth Finnegan resuled in about a 2x speedup. + - If rsync is forced to use protocol 29 or before (perhaps due to talking to an + rsync before 3.0.0), the modify time of a file is limited to 4-bytes. Rsync + now interprets this value as an unsigned integer so that a current year past + 2038 can continue to be represented. This does mean that years prior to 1970 + cannot be represented in an older protocol, but this trade-off seems like the + right choice given that (1) 2038 is very rapidly approaching, and (2) newer + protocols support a much wider range of old and new dates. + - The rsync client now treats an empty destination arg as an error, just like + it does for an empty source arg. This doesn't affect a `host:` arg (which is + treated the same as `host:.`) since the arg is not completely empty. The use + of [`--old-args`](rsync.1#opt) (including via `RSYNC_OLD_ARGS`) allows the + prior behavior of treating an empty destination arg as a ".". + * PACKAGING RELATED: + - The checksum code now uses openssl's EVP methods, which gets rid of various + deprecation warnings and makes it easy to support more digest methods. On + newer systems, the MD4 digest is marked as legacy in the openssl code, which + makes openssl refuse to support it via EVP. You can choose to ignore this + and allow rsync's MD4 code to be used for older rsync connections (when + talking to an rsync prior to 3.0.0) or you can choose to configure rsync to + tell openssl to enable legacy algorithms (see below). + - A simple openssl config file is supplied that can be installed for rsync to + use. If you install packaging/openssl-rsync.cnf to a public spot (such as + `/etc/ssl/openssl-rsync.cnf`) and then run configure with the option + `--with-openssl-conf=/path/name.cnf`, this will cause rsync to export the + configured path in the OPENSSL_CONF environment variable (when the variable + is not already set). This will enable openssl's MD4 code for rsync to use. + - The packager may wish to include an explicit "use chroot = true" in the top + section of their supplied /etc/rsyncd.conf file if the daemon is being + installed to run as the root user (though rsync should behave the same even + with the value unset, a little extra paranoia doesn't hurt). + - I've noticed that some packagers haven't installed support/nameconvert for + users to use in their chrooted rsync configs. Even if it is not installed + as an executable script (to avoid a python3 dependency) it would be good to + install it with the other rsync-related support scripts. + - It would be good to add support/json-rsync-version to the list of installed + support scripts. + +------------------------------------------------------------------- +Wed Sep 14 09:23:51 UTC 2022 - David Anes + +- Use bundled SLP patch now that upstream fixed it: + * Remove rsync-3.2.5-slp.patch + +------------------------------------------------------------------- +Mon Sep 12 13:17:11 UTC 2022 - Dirk Müller + +- update to 3.2.6: + * More path-cleaning improvements in the file-list validation code to avoid + rejecting of valid args. + * A file-list validation fix for a --files-from file that ends without a + line-terminating character. + * Added a safety check that prevents the sender from removing destination + files when a local copy using --remove-source-files has some files that are + shared between the sending & receiving hierarchies, including the case + where the source dir & destination dir are identical. + * Fixed a bug in the internal MD4 checksum code that could cause the digest + to be sporadically incorrect (the openssl version was/is fine). + * A minor tweak to rrsync added "copy-devices" to the list of known args, but + left it disabled by default. + +------------------------------------------------------------------- +Fri Sep 9 08:32:28 UTC 2022 - Bernhard Wiedemann + +- Build SLE version with g++-11 + to work around nondeterministic g++-7 (boo#1193895) + +------------------------------------------------------------------- +Thu Sep 1 13:11:01 UTC 2022 - Stefan Schubert + +- Migration to /usr/etc: Saving user changed configuration files + in /etc and restoring them while an RPM update. + +------------------------------------------------------------------- +Tue Aug 16 08:19:20 UTC 2022 - David Anes + +- Add upstream patch rsync-3.2.5-slp.patch, as the one included in + the released tarball doesn't fully apply. + +- Drop patch rsync-CVE-2022-29154.patch, already included upstream. + +- Update to 3.2.5 + * SECURITY FIXES: + - Added some file-list safety checking that helps to ensure that a rogue + sending rsync can't add unrequested top-level names and/or include recursive + names that should have been excluded by the sender. These extra safety + checks only require the receiver rsync to be updated. When dealing with an + untrusted sending host, it is safest to copy into a dedicated destination + directory for the remote content (i.e. don't copy into a destination + directory that contains files that aren't from the remote host unless you + trust the remote host). Fixes CVE-2022-29154. + - A fix for CVE-2022-37434 in the bundled zlib (buffer overflow issue). + * BUG FIXES: + - Fixed the handling of filenames specified with backslash-quoted wildcards + when the default remote-arg-escaping is enabled. + - Fixed the configure check for signed char that was causing a host that + defaults to unsigned characters to generate bogus rolling checksums. This + made rsync send mostly literal data for a copy instead of finding matching + data in the receiver's basis file (for a file that contains high-bit + characters). + - Lots of manpage improvements, including an attempt to better describe how + include/exclude filters work. + - If rsync is compiled with an xxhash 0.8 library and then moved to a system + with a dynamically linked xxhash 0.7 library, we now detect this and disable + the XX3 hashes (since these routines didn't stabilize until 0.8). + * ENHANCEMENTS: + - The [`--trust-sender`](rsync.1#opt) option was added as a way to bypass the + extra file-list safety checking (should that be required). + * PACKAGING RELATED: + - A note to those wanting to patch older rsync versions: the changes in this + release requires the quoted argument change from 3.2.4. Then, you'll want + every single code change from 3.2.5 since there is no fluff in this release. + - The build date that goes into the manpages is now based on the developer's + release date, not on the build's local-timezone interpretation of the date. + * DEVELOPER RELATED: + - Configure now defaults GETGROUPS_T to gid_t when cross compiling. + - Configure now looks for the bsd/string.h include file in order to fix the + build on a host that has strlcpy() in the main libc but not defined in the + main string.h file. + +------------------------------------------------------------------- +Mon Aug 1 12:27:43 UTC 2022 - David Anes + +- Security fix: [bsc#1201840, CVE-2022-29154] + * arbitrary file write vulnerability via do_server_recv function + * Added patch rsync-CVE-2022-29154.patch + +------------------------------------------------------------------- +Tue Jun 21 10:34:12 UTC 2022 - Stefan Schubert + +- Removed %config flag for files in /usr directory. + +------------------------------------------------------------------- +Mon Jun 20 13:25:06 UTC 2022 - Stefan Schubert + +- Moved logrotate files from user specific directory /etc/logrotate.d + to vendor specific directory /usr/etc/logrotate.d. + +------------------------------------------------------------------- +Tue Apr 19 06:38:55 UTC 2022 - David Anes + +- Update to 3.2.4 + * A new form of arg protection was added that works similarly to + the older `--protect-args` (`-s`) option but in a way that + avoids breaking things like rrsync. + * A long-standing bug was preventing rsync from figuring out the + current locale's decimal point character, which made rsync + always output numbers using the "C" locale. + * Too many changes to list, see included NEWS.md file. +- Drop rsync-CVE-2020-14387.patch, already included upstream. + +------------------------------------------------------------------- +Tue Nov 16 08:59:11 UTC 2021 - Johannes Segitz + +- Added hardening to systemd service(s) (bsc#1181400). Modified: + * rsyncd.service + +------------------------------------------------------------------- +Fri Sep 4 10:25:17 UTC 2020 - Pedro Monreal + +- Security fix: [bsc#1176160, CVE-2020-14387] + * rsync-ssl: Verify the hostname in the certificate when using openssl. +- Add rsync-CVE-2020-14387.patch + +------------------------------------------------------------------- +Fri Aug 7 06:47:00 UTC 2020 - Ismail Dönmez + +- Updated to version 3.2.3 + * Fixes a memory usage regression introduced in 3.2.2 + * Too many changes to list, see included NEWS.md file. +- acls.diff, time-limit.diff and xattrs.diff are now upstream. +- Drop rsync-add_back_use_slp_directive.patch, included in upstream + slp.diff + +------------------------------------------------------------------- +Wed Aug 5 05:23:42 UTC 2020 - Ismail Dönmez + +- Add BR on c++_compiler needed for SIMD support +- Add --enable-simd configure option on x86_64 + +------------------------------------------------------------------- +Wed Aug 5 05:10:51 UTC 2020 - Ismail Dönmez + +- Change BR on xxhash-devel to pkgconfig(libxxhash) and depend + on xxhash >= 0.8.0 since this is needed for XXH3 +- Use xxhash only on suse_version >= 1550 since xxhash 0.8.0 is not + available elsewhere. + +------------------------------------------------------------------- +Tue Jul 7 08:59:17 UTC 2020 - Ismail Dönmez + +- Updated to version 3.2.2 + * Too many changes to list, see included NEWS.md file. +- Add BR on pkgconfig(openssl), rsync now uses openssl for MD4/MD5 +- Add BR on libzstd-devel and liblz4-devel to enable lz4 and zstd + compression support. +- Add BR on xxhash-devel to enable xxhash checksum support. +- Refresh rsync-add_back_use_slp_directive.patch +- Drop rsync-both-compressions.patch, rsync-send_error_to_sender.patch, + rsync-avoid-uploading-after-error.patch, + rsync-fix-prealloc-to-keep-file-size-0-when-possible.patch: + Fixed upstream. + +------------------------------------------------------------------- +Thu Jul 11 06:04:07 UTC 2019 - Antoine Belvire + +- Remove SuSEfirewall2 service since SuSEfirewall2 has been + replaced by firewalld (which already provides a rsyncd service). + +------------------------------------------------------------------- +Mon Apr 15 16:49:02 UTC 2019 - Pedro Monreal Gonzalez + +- Fixed bug numbers in spec file + +------------------------------------------------------------------- +Sat Apr 13 09:49:56 UTC 2019 - Matwey V. Kornilov + +- Add patch: rsync-fix-prealloc-to-keep-file-size-0-when-possible.patch (boo#1108562) + +------------------------------------------------------------------- +Wed Jul 11 15:02:34 CEST 2018 - kukuk@suse.de + +- Don't require systemd explicit, spec file can handle both cases + correct and in containers we don't have systemd [bsc#1100786]. + +------------------------------------------------------------------- +Tue Apr 3 15:01:42 CEST 2018 - kukuk@suse.de + +- Use %license instead of %doc [bsc#1082318] + +------------------------------------------------------------------- +Mon Jan 29 11:03:42 UTC 2018 - pmonrealgonzalez@suse.com + +- Update to version 3.1.3 [bsc#1076503]: + Protocol: 31 (unchanged) + +- SECURITY FIXES: + * Fixed a buffer overrun in the protocol's handling of xattr names and + ensure that the received name is null terminated. + * Fix an issue with --protect-args where the user could specify the arg + in the protected-arg list and short-circuit some of the arg-sanitizing + code. + +- BUG FIXES: + * Don't output about a new backup dir without appropriate info verbosity. + * Fixed some issues with the sort functions in support/rsyncstats script. + * Added a way to specify daemon config lists (e.g. users, groups, etc) + * that contain spaces (see "auth users" in the latest rsyncd.conf manpage). + * If a backup fails (e.g. full disk) rsync exits with an error. + * Fixed a problem with a doubled --fuzzy option combined with --link-dest. + * Avoid invalid output in the summary if either the start or end time had + an error. + * We don't allow a popt alias to affect the --daemon or --server options. + * Fix daemon exclude code to disallow attribute changes in addition to + disallowing transfers. + * Don't force nanoseconds to match if a non-transferred, non-checksummed + file only passed the quick-check w/o comparing nanosecods. + +- ENHANCEMENTS: + * Added the ability for rsync to compare nanosecond times in its + file-check + comparisons, and added support nanosecond times on Mac OS X. + * Added a short-option (-@) for --modify-window. + * Added the --checksum-choice=NAME[,NAME] option to choose the checksum + algorithms. + * Added hashing of xattr names (with using -X) to improve the handling of + files with large numbers of xattrs. + * Added a way to filter xattr names using include/exclude/filter rules + (see the --xattrs option in the manpage for details). + * Added "daemon chroot|uid|gid" to the daemon config (in addition to the + old chroot|uid|gid settings that affect the daemon's transfer process). + * Added "syslog tag" to the daemon configuration. + * Some manpage improvements. + +- DEVELOPER RELATED: + * Tweak the "make" output when yodl isn't around to create the man pages. + * Changed an obsolete autoconf compile macro. + * Support newer yodl versions when converting man pages. + +- Dropped patches fixed upstream: + * rsync-CVE-2017-16548.patch + * rsync-3.1.2-CVE-2018-5764.patch + +- Refreshed patches: + * rsync-send_error_to_sender.patch + +------------------------------------------------------------------- +Thu Jan 18 12:13:48 UTC 2018 - pmonrealgonzalez@suse.com + +- Security fix: Ignore --protect-args when already sent by client + [bsc#1076503, CVE-2018-5764] + * Added patch rsync-3.1.2-CVE-2018-5764.patch + +------------------------------------------------------------------- +Tue Jan 9 17:07:12 UTC 2018 - pmonrealgonzalez@suse.com + +- Fix: Stop file upload after errors [bsc#1062063] +- Added patches: + * rsync-send_error_to_sender.patch + * rsync-avoid-uploading-after-error.patch + +------------------------------------------------------------------- +Tue Nov 28 16:18:45 UTC 2017 - pmonrealgonzalez@suse.com + +- Security fix [bsc#1066644, CVE-2017-16548] + * Missing trailing '\0' character check could lead to remote DoS + * Added rsync-CVE-2017-16548.patch + +------------------------------------------------------------------- +Tue Jul 25 11:55:53 UTC 2017 - tchvatal@suse.com + +- Try more in supporting all scenarios bsc#1046197#c24 + * rsync-both-compressions.patch + +------------------------------------------------------------------- +Mon Jul 24 11:10:14 UTC 2017 - tchvatal@suse.com + +- Execute tests to ensure the basics are still working + +------------------------------------------------------------------- +Mon Jul 24 10:45:16 UTC 2017 - tchvatal@suse.com + +- Refresh patch rsync-both-compressions.patch to include + fix when using old-compress on new zlib on server too + +------------------------------------------------------------------- +Thu Jul 13 09:00:59 UTC 2017 - tchvatal@suse.com + +- Add patch to build with both bundled and external zlib to support + both compression methods at once bsc#1046197: + * rsync-both-compressions.patch + +------------------------------------------------------------------- +Wed Jun 14 12:21:21 UTC 2017 - tchvatal@suse.com + +- We no longer need to inject the pid in post as we do not use + the iniscript relying on it +- Add socket activation service instead of the xinetd service +- Verify in services the configuration to run actually exist +- Drop sle11 support as it does not autoreconf anymore +- Drop patch system-zlib.diff that was never applied +- Switch to system popt and zlib: + * This should not cause issues now because upstream states the + underlying issue why we used the bundled one was fixed by + using more safeguarded error detection + +------------------------------------------------------------------- +Wed Jan 6 10:26:26 UTC 2016 - hsk@imb-jena.de + +- update to 3.1.2 +- drop patches rsync-CVE-2014-9512.patch, + rsync-equivalent_of_CVE-2014-8242.patch (applied upstream) + +------------------------------------------------------------------- +Wed Oct 7 12:26:26 UTC 2015 - vcizek@suse.com + +- better disable slp by default, it doesn't seem to be used much + and it often caused problems (eg boo#898513, bsc#922710) + * set "use slp" in rsyncd.conf to enable + * modified rsync-add_back_use_slp_directive.patch + +------------------------------------------------------------------- +Tue Oct 6 11:16:55 UTC 2015 - vcizek@suse.com + +- add a compatibility flag to avoid checksum collisions (bsc#900914) + * fixes rsync equivalent of librsync's CVE-2014-8242 + * added rsync-equivalent_of_CVE-2014-8242.patch +- modify rsync-add_back_use_slp_directive.patch + +------------------------------------------------------------------- +Tue Aug 11 09:40:36 UTC 2015 - vcizek@suse.com + +- reintroduce "use slp" directive (bsc#922710) + * added rsync-add_back_use_slp_directive.patch + +------------------------------------------------------------------- +Wed Feb 25 02:23:49 UTC 2015 - crrodriguez@opensuse.org + +- rsync-no-libattr.patch: Use AC_SEARCH_LIBS([getxattr], [attr]) + instead of AC_CHECK_LIB(attr,getxattr) so libattr is + not injected as a dependency when glibc is enough since + several years to use getxattr. + +------------------------------------------------------------------- +Mon Feb 2 18:42:25 UTC 2015 - vcizek@suse.com + +- fix for CVE-2014-9512 (bnc#915410) + * path spoofing attack vulnerability + * added rsync-CVE-2014-9512.patch + +------------------------------------------------------------------- +Fri Nov 14 09:19:05 UTC 2014 - dimstar@opensuse.org + +- No longer perform gpg validation; osc source_validator does it + implicit: + + Drop gpg-offline BuildRequires. + + No longer execute gpg_verify. + +------------------------------------------------------------------- +Sun Oct 19 13:38:21 UTC 2014 - p.drouand@gmail.com + +- Do not depend on insserv if the system supports systemd; it's + useless + +------------------------------------------------------------------- +Thu Jul 10 15:28:03 UTC 2014 - kruber@zib.de + +- update to 3.1.1 +- drop rsync-CVE-2014-2855.patch (applied upstream) +- drop 0001-use-lp_num_modules-instead-of-the-removed-lp_numserv.patch + (applied upstream) + +------------------------------------------------------------------- +Fri Jun 20 21:11:04 UTC 2014 - crrodriguez@opensuse.org + +- Remove sysvinit support on distros that have systemd +- Remove libattr-devel from buildRequires, application does + not link to libattr but it picks the glibc implementation + instead. + +------------------------------------------------------------------- +Tue Apr 15 14:57:34 UTC 2014 - vcizek@suse.com + +- fix for CVE-2014-2855 (bnc#873740) + * a denial of service via CPU consumption + * added rsync-CVE-2014-2855.patch + +------------------------------------------------------------------- +Fri Oct 25 12:25:26 UTC 2013 - vcizek@suse.com + +- update to 3.1.0 + * fixes bnc#845185 +- don't apply drop-cache.patch (removed from upstream) +- add 0001-use-lp_num_modules-instead-of-the-removed-lp_numserv.patch +- add gpg-offline tarball checking + +------------------------------------------------------------------- +Mon Aug 5 12:06:32 UTC 2013 - vcizek@suse.com + +- add time-limit.patch from co-distributed rsync-patches as we do + on SLE (fate#312479) + +------------------------------------------------------------------- +Sun Jun 16 23:59:28 UTC 2013 - jengelh@inai.de + +- Explicitly list libattr-devel as BuildRequires +- More robust make install call. Remove redundant %clean section. + +------------------------------------------------------------------- +Fri Apr 5 12:33:30 UTC 2013 - idonmez@suse.com + +- Add Source URL, see https://en.opensuse.org/SourceUrls + +------------------------------------------------------------------- +Thu Jul 26 20:46:02 UTC 2012 - crrodriguez@opensuse.org + +- All daemons that create temporary files must have + PrivateTmp=true set in systemd unit if possible. + +------------------------------------------------------------------- +Sun Feb 5 23:25:26 UTC 2012 - crrodriguez@opensuse.org + +- Build with PIE and full RELRO + +------------------------------------------------------------------- +Wed Dec 21 10:42:30 UTC 2011 - coolo@suse.com + +- add autoconf as buildrequire to avoid implicit dependency + +------------------------------------------------------------------- +Fri Nov 25 01:38:07 UTC 2011 - crrodriguez@opensuse.org + +- Add systemd unit +- Do not BuildRequire textlive + +------------------------------------------------------------------- +Wed Oct 12 03:40:40 UTC 2011 - crrodriguez@opensuse.org + +- Update to version 3.0.9 + * Apply drop-cache patch from rsync-patches tarball, adds option + --drop-cache so rsync is drop the memory cache of files when + finished (aka. stop trashing the system) + * Fix a crash bug in checksum scanning when --inplace is used. + * Fix a memory leak in the xattr code. + * See NEWS for more detail + +------------------------------------------------------------------- +Thu May 12 13:08:59 UTC 2011 - chris@computersalat.de + +- fix build for SLE (spec-cleaner changes) + o makeinstall, _initddir + +------------------------------------------------------------------- +Thu May 5 14:43:40 UTC 2011 - puzel@novell.com + +- updated summary (bnc#691944) and description + +------------------------------------------------------------------- +Tue Mar 29 13:53:04 UTC 2011 - puzel@novell.com + +- update to rsync-3.0.8 + - Notable changes: + - Fixed two buffer-overflow issues. + - Fixed a data-corruption issue when preserving hard-links + without preserving file ownership, and doing deletions either + before or during the transfer (CVE-2011-1097). + - Fixed a potential crash when an rsync daemon has a + filter/exclude list and the transfer is using ACLs or xattrs. + - Fixed a hang if a really large file is being processed by an + rsync that can't handle 64-bit numbers. + - For devices and special files, we now avoid gathering useless + ACL and/or xattr information for files that aren't being + copied. + - Properly handle requesting remote filenames that start with a + dash. + - Fixed a bug in the comparing of upper-case letters in file + suffixes for --skip-compress. + - If an rsync daemon has a module configured without a path + setting, rsync will now disallow access to that module. + - Some improvements to the hard-linking code to ensure that + device-number hashing is working right, and to supply more + information if the hard-link code fails. + - Fixed a bug that prevented --numeric-ids from disabling the + translation of user/group IDs for ACLs. + - The --link-dest checking for identical symlinks now avoids + considering attribute differences that cannot be changed on the + receiver. + - Fixed a bug with --fake-super when copying files and dirs that + aren't user writable. + - Fixed a bug where a sparse file could have its last sparse + block turned into a real block when rsync sets the file size + (requires ftruncate). + - Fixed the working of --force when used with --one-file-system. + - Various manpage improvements. +- run spec-cleaner + +------------------------------------------------------------------- +Sun Sep 19 10:55:59 UTC 2010 - jengelh@medozas.de + +- rsyncd.rc changes: +* Do not use killproc -TERM, but just killproc, so that killproc + waits until the service is actually shut down, before attempting + to restart it (when "restart" is used). Fixes bnc#546977. +* Change the "reload" action to return "missing" because rsyncd + does not handle SIGHUP +* Adjust "force-reload" accordingly + +------------------------------------------------------------------- +Mon Jan 4 14:21:21 UTC 2010 - puzel@novell.com + +- update to rsync-3.0.7 + - Fixed a bogus free when using --xattrs with --backup. + - Avoid an error when --dry-run was trying to stat a prior hard-link + file that hasn't really been created. + - Fixed a problem with --compress (-z) where the receiving side could + return the error "inflate (token) returned -5". + - Fixed a bug where --delete-during could delete in a directory before + it noticed that the sending side sent an I/O error for that + directory (both sides of the transfer must be at least 3.0.7). + - Improved --skip-compress's error handling of bad character-sets and + got rid of a lingering debug fprintf(). + - Fixed the daemon's conveyance of io_error value from the sender. + - An rsync daemon use seteuid() (when available) if it used setuid(). + - Get the permissions right on a --fake-super transferred directory + that needs more owner permissions to emulate root behavior. + - An absolute-path filter rule (i.e. with a '/' modifier) no longer + loses its modifier when sending the filter rules to the remote + rsync. + - Improved the "--delete does not work without -r or -d" message. + - Improved rsync's handling of --timeout to avoid a weird timeout case + where the sender could timeout even though it has recently written + data to the socket (but hasn't read data recently, due to the + writing). + - Some misc manpage improvements. + - Fixed the chmod-temp-dir testsuite on a system without /var/tmp. + - Make sure that a timeout specified in the daemon's config is used as + a maximum timeout value when the user also specifies a timeout. + - Improved the error-exit reporting when rsync gets an error trying to + cleanup after an error: the initial error is reported. + - The AIX sysacls routines will now return ENOSYS if ENOTSUP is + missing. + - Made our (only used if missing) getaddrinfo() routine use + inet_pton() (which we also provide) instead of inet_aton(). + - The exit-related debug messages now mention the program's role so it + is clear who output what message. + +------------------------------------------------------------------- +Fri Aug 21 11:09:20 UTC 2009 - chris@computersalat.de + +- spec mods + o sorted TAGS + o added missing clean section +- rpmlint + o non-conffile-in-etc /etc/sysconfig/SuSEfirewall2.d/services/rsync-server + +------------------------------------------------------------------- +Wed Aug 5 11:24:00 CEST 2009 - puzel@novell.com + +- bump version to 3.0.6 +- drop rsync-allow-slp-disable.patch (merged upstream) + +------------------------------------------------------------------- +Tue May 5 15:29:12 CEST 2009 - puzel@suse.cz + +- add rsync-allow-slp-disable.patch (FATE#306331) + +------------------------------------------------------------------- +Thu Apr 16 12:16:41 CEST 2009 - puzel@suse.cz + +- update to 3.0.6pre1 (bugfix release) +- noteworthy changes: + - Fixed a --read-batch hang when rsync is reading a batch file that was + created from an incremental-recursion transfer + - Fixed the daemon's socket code to handle the simultaneous arrival of + multiple connections. + - Fix --safe-links/--copy-unsafe-links to properly handle symlinks that + have consecutive slashes in the value. + - Fixed the parsing of an [IPv6_LITERAL_ADDR] when a USER@ is prefixed. + - The sender now skips a (bogus) symlink that has a 0-length value, which + avoids a transfer error in the receiver. + - Fixed a case where the sender could die with a tag-0 error if there was + an I/O during the sending of the file list. + - Fixed the rrsync script to avoid a server-side problem when -e is at the + start of the short options. + - Fixed a problem where a vanished directory could turn into an exit code + 23 instead of the proper exit code 24. + - Fixed the --iconv conversion of symlinks when doing a local copy. + receiving side when a mount-point directory did not match a directory in + the transfer. + - Fixed the dropping of an ACL mask when no named ACL values were present. + - Fixed an ACL/xattr corruption issue where the --backup option could cause + rsync to associate the wrong ACL/xattr information with received files. + - Fixed the use of --xattrs with --only-write-batch. + - Fixed the use of --dry-run with --read-batch. + - Fixed a run-time issue for systems that can't find iconv_open() by adding + the --disable-iconv-open configure option. + - Complain and die if the user tries to combine --remove-source-files (or + the deprecated --remove-sent-files) with --read-batch. + +------------------------------------------------------------------- +Tue Mar 24 11:16:57 CET 2009 - puzel@suse.cz + +- add rsync-3.0.5-doc-fix.patch (bnc#487591) + +------------------------------------------------------------------- +Thu Feb 19 14:34:05 CET 2009 - puzel@suse.cz + +- update to 3.0.5 + - initialize xattr data in a couple spots in the hlink code, which avoids a + crash when the xattr pointer's memory happens to start out non-zero + - don't send a bogus "-" option to an older server if there were no short + options specified - fixes (bnc#476379) + - fixed skipping of unneeded updates in a batch file when incremental + recursion is active + - fix the %P logfile escape when the daemon logs from inside a chroot. + - fixed the use of -s (--protect-args) when used with a remote source or + destination that had an empty path (e.g. "host:") + - fixed the use of a dot-dir path (e.g. foo/./bar) inside a --files-from + file when the root of the transfer isn't the current directory + - fixed a bug with "-K --delete" removing symlinks to directories when + incremental recursion is active + - fixed a hard to trigger hang when using --remove-source-files + - got rid of an annoying delay when accessing a daemon via a remote-shell + - properly ignore (superfluous) source args on a --read-batch command + - improved the manpage's description of the '*' wildcard to remove the + confusing "non-empty" qualifier + - fixed reverse lookups in the compatibility-library version of + getnameinfo() + - fixed a bug when using --sparse on a sparse file that has over 2GB of + consecutive sparse data + - avoid a hang when using at least 3 --verbose options on a transfer with a + client sender (which includes local copying) + - fixed a problem with --delete-delay reporting an error when it was ready + to remove a directory that was now gone + - got rid of a bunch of "warn_unused_result" compiler warnings + - if an ftruncate() on a received file fails, it now causes a partial- + transfer warning +- add SuSEfirewall2 rule (bnc#251657) + +------------------------------------------------------------------- +Wed Oct 8 17:48:39 CEST 2008 - puzel@suse.cz + +- fix build: do not run tests as they fail in chrooted environment + +------------------------------------------------------------------- +Mon Sep 22 13:24:57 CEST 2008 - puzel@suse.cz + +- update to 3.0.4 + - update to stable release +- removed rsync-3.0.4pre2-xattrs-test-fix.patch + - fixed in upstream + +------------------------------------------------------------------- +Thu Sep 4 12:29:19 CEST 2008 - puzel@suse.cz + +- update to 3.0.4pre2 + - Fixed the handling of a --partial-dir that cannot be created. + - Fixed a couple issues in the --fake-super handling of xattrs when the + destination files have root-level attributes (e.g. selinux values) that + a non-root copy can't affect. + - The --iconv option now converts the content of a symlink too, instead + of leaving it in the wrong character-set. + - Fixed a bug where --delete-during could delete in a directory before it + noticed that the sending side sent an I/O error for that directory. + - Fixed a crash bug in the hard-link code. + - Fixed the sending of xattr directory information when the code finds a + --link-dest or --copy-dest directory with unchanged xattrs + - Fixed deletion handling when copying a single, empty directory (with no + files) to a differently named, non-existent directory. + - too many other changes and fixes - please, see NEWS and NEWS-rsync-3.0.3 + files +- specfile fixes : + - use %configure and %makeinstall macros + - use %_bindir and %sbindir macros +- removed lutimes-hack.diff (not needed anymore) +- removed rsync-patches-3.0.2.dif (fixed in upstream) + +------------------------------------------------------------------- +Tue Aug 12 10:10:06 CEST 2008 - puzel@suse.cz + +- rsyncd.rc: use Should-Start instead of X-UnitedLinux-Should-Start +- specfile fixes: + * added Should-Stop + * 'make test' moved to %check + * recommend logrotate + +------------------------------------------------------------------- +Mon Apr 14 11:43:03 CEST 2008 - ro@suse.de + +- update to version 3.0.2 + - Fixed a potential buffer overflow in the xattr code. +- update to version 3.0.1 + - Added the 'c'-flag to the itemizing of non-regular files so that the + itemized output doesn't get hidden if there were no attribute changes, + and also so that the itemizing of a --copy-links run will distinguish + between copying an identical non-regular file and the creation of a + revised version with a new value (e.g. a changed symlink referent, a + new device number, etc.). + - quite a lot of other bugfixes, please see OLDNEWS file + +------------------------------------------------------------------- +Tue Mar 11 01:23:13 CET 2008 - ro@suse.de + +- update to version 3.0.0 (shortened, more details see NEWS file) + - The handling of implied directories when using --relative has changed to + send them as directories (e.g. no implied dir is ever sent as a symlink). + - Requesting a remote file-listing without specifying -r (--recursive) now + sends the -d (--dirs) option to the remote rsync rather than sending -r + along with an extra exclude of /*/*. + - In --dry-run mode, the last line of the verbose summary text is output + with a "(DRY RUN)" suffix to help remind you that no updates were made. + Similarly, --only-write-batch outputs "(BATCH ONLY)". + - A writable rsync daemon with "use chroot" disabled now defaults to a + symlink-munging behavior designed to make symlinks safer while also + allowing absolute symlinks to be stored and retrieved. + - Starting up an extra copy of an rsync daemon will not clobber the pidfile + for the running daemon -- if the pidfile exists, the new daemon will exit + with an error. + +- re-applied patches from upstream kit: + - acls.diff,xattrs.diff,slp.diff +- removed patches: + - rsync-overlong.patch (upstream code cleaned up) + - lutimes-hack.diff (should not be needed any more) + - rsync-fix_fuzzy.patch (fixed upstream) + - rsync-hlink_crash.patch (upstream cleaned up) + - munge-symlinks-2.6.9.diff (integrated upstream) + +------------------------------------------------------------------- +Tue Dec 4 18:07:36 CET 2007 - ro@suse.de + +- added munge-symlinks patch (#345507) CVE-2007-6199 + +------------------------------------------------------------------- +Thu Nov 8 16:45:30 CET 2007 - ro@suse.de + +- fix uninitialized struct sx in hlink.c:hard_link_cluster + to prevent crash when using acls (#338358) + +------------------------------------------------------------------- +Fri Sep 14 15:03:17 CEST 2007 - ro@suse.de + +- fix (#300526) restart will start standalone rsync if running + under xinetd + - use a pid file for rsyncd in init script so that rcrsyncd + will not show status running for an rsync started by xinetd + - insert "pid file" entry into rsyncd.conf if not present + +------------------------------------------------------------------- +Wed Sep 12 15:51:20 CEST 2007 - dmueller@suse.de + +- build parallel +- fix hardlinks accross partition + +------------------------------------------------------------------- +Mon Sep 10 17:30:57 CEST 2007 - ro@suse.de + +- fix abort in rsync when acls and fuzzy are used together + (#306263) + +------------------------------------------------------------------- +Fri Aug 17 15:03:44 CEST 2007 - cthiel@suse.de + +- added lutimes-hack.diff to work around a glibc bug in lutimes.c + +------------------------------------------------------------------- +Thu Aug 2 13:52:28 CEST 2007 - ro@suse.de + +- protect from overlong filenames (#294073) CVE-2007-4091 + +------------------------------------------------------------------- +Mon May 14 12:50:38 CEST 2007 - mrueckert@suse.de + +- make build work on older distros again. + +------------------------------------------------------------------- +Tue May 8 16:23:34 CEST 2007 - dmueller@suse.de + +- use builtin zlib copy again + +------------------------------------------------------------------- +Mon May 7 23:34:40 CEST 2007 - dmueller@suse.de + +- update to 2.6.9: + * several important bugfixes + * new features, see included NEWS file +- build against system zlib instead of own zlib copy +- build against system popt instead of own popt copy + +------------------------------------------------------------------- +Wed Apr 18 22:25:38 CEST 2007 - aj@suse.de + +- Use texlive for building. + +------------------------------------------------------------------- +Tue Sep 12 15:42:00 CEST 2006 - ro@suse.de + +- apply fix for xattr.diff from rsync mailing list + +------------------------------------------------------------------- +Tue Aug 22 14:41:11 CEST 2006 - ro@suse.de + +- apply patches/xattr.diff as well (fate#300565) + +------------------------------------------------------------------- +Thu Aug 10 13:38:33 CEST 2006 - dmueller@suse.de + +- fix rc script error code when there's an error in the config + file (#198406) + +------------------------------------------------------------------- +Wed Jun 21 11:56:38 CEST 2006 - ro@suse.de + +- added tag-3 patch from cvs (will be in 2.6.9) + to avoid aborts with "unexpected tag 3" + +------------------------------------------------------------------- +Mon Jun 12 01:55:55 CEST 2006 - ro@suse.de + +- update to version 2.6.8 + - use slp patch as included upstream + - several bugfixes + - errors now include version number + - special files as pipes now printed as "S", no longer "D" + - escaping of unreadable chars has changed + - new --append, --min-size and --prune-empty-dirs options + +------------------------------------------------------------------- +Tue Apr 18 15:17:19 CEST 2006 - ro@suse.de + +- ignore testsuite failure on s390x (filesystem mtimes) + +------------------------------------------------------------------- +Wed Jan 25 21:41:13 CET 2006 - mls@suse.de + +- converted neededforbuild to BuildRequires + +------------------------------------------------------------------- +Thu Jan 19 00:04:48 CET 2006 - schwab@suse.de + +- Don't strip binaries. + +------------------------------------------------------------------- +Fri Oct 14 12:19:33 CEST 2005 - ro@suse.de + +- fix problem in configure to re-enable ACLs (#128323) + +------------------------------------------------------------------- +Tue Aug 2 12:25:35 CEST 2005 - ro@suse.de + +- added acl-fix.patch from wayne to make testsuite pass with acls + +------------------------------------------------------------------- +Fri Jul 29 02:09:54 CEST 2005 - ro@suse.de + +- update to 2.6.6 + +------------------------------------------------------------------- +Mon Jun 6 16:49:10 CEST 2005 - ro@suse.de + +- update to 2.6.5 +- use acl patch as shipped in rsync/patches directory + +------------------------------------------------------------------- +Fri Feb 18 12:46:36 CET 2005 - mmj@suse.de + +- Glibc doesn't cache the timezone as much as it used to, so export + the TZ variable after doing chroot. [#49878] + +------------------------------------------------------------------- +Thu Feb 10 02:40:51 CET 2005 - ro@suse.de + +- added libpng to neededforbuild (for tetex) + +------------------------------------------------------------------- +Wed Dec 1 17:26:45 CET 2004 - ro@suse.de + +- re-register before SLP really times out + +------------------------------------------------------------------- +Wed Dec 1 15:27:06 CET 2004 - ro@suse.de + +- re-worked slp.diff + do not use a timer but hook into central select call + +------------------------------------------------------------------- +Thu Nov 11 17:39:50 CET 2004 - ro@suse.de + +- update to 2.6.3 final + +------------------------------------------------------------------- +Mon Aug 16 20:35:57 CEST 2004 - bk@suse.de + +- updated to 2.6.3-pre1, which is currently in release-testing + (and includes a security fix) + +------------------------------------------------------------------- +Fri Jul 23 11:30:12 CEST 2004 - ro@suse.de + +- fixing problems apparently introduced with the update to 2.6.2: +- fix from cvs to not abort trying to create already created + backup directories (#42780) +- fix from cvs to avoid crash on large trees (#42933) + +------------------------------------------------------------------- +Mon May 10 18:38:40 CEST 2004 - ro@suse.de + +- update to 2.6.2 / ported patches +- fixes a problem with non-chroot modules + +------------------------------------------------------------------- +Thu Apr 1 12:13:06 CEST 2004 - mls@suse.de + +- fix hostname calculation in slp registration code + +------------------------------------------------------------------- +Tue Mar 16 12:44:20 CET 2004 - ro@suse.de + +- add -4 and -6 options to manpage (#36144) + +------------------------------------------------------------------- +Tue Jan 13 16:56:54 CET 2004 - ro@suse.de + +- update to version 2.6.0 + +------------------------------------------------------------------- +Thu Dec 4 12:22:05 CET 2003 - ro@suse.de + +- update to real 2.5.7 + +------------------------------------------------------------------- +Thu Dec 4 10:36:27 CET 2003 - okir@suse.de + +- fix heap overflow (#33478) + +------------------------------------------------------------------- +Sun Nov 23 18:46:28 CET 2003 - adrian@suse.de + +- add patch for SLP support, based on Brad Hards demo implementation + +------------------------------------------------------------------- +Thu Nov 6 17:03:34 CET 2003 - schwab@suse.de + +- Fix quoting in configure script. + +------------------------------------------------------------------- +Fri Oct 24 12:13:59 CEST 2003 - ro@suse.de + +- added make test +- added acl patch, build with acl support + +------------------------------------------------------------------- +Fri Oct 17 11:51:23 CEST 2003 - ro@suse.de + +- don't build as root + +------------------------------------------------------------------- +Mon Aug 18 17:57:59 CEST 2003 - ro@suse.de + +- added stop_on_removal and restart_on_update macro calls + +------------------------------------------------------------------- +Tue May 13 00:25:51 CEST 2003 - ro@suse.de + +- use defattr + +------------------------------------------------------------------- +Wed Mar 5 14:57:57 CET 2003 - ro@suse.de + +- add xinetd-config to filelist + +------------------------------------------------------------------- +Tue Jan 28 12:05:30 CET 2003 - ro@suse.de + +- update to 2.5.6 +- can combine ssh and daemon access +- supports URL like syntax rsync:// +- IPv6 support in hosts.allow/deny +- recursive hang fixed upstream + +------------------------------------------------------------------- +Fri Jan 24 11:48:54 CET 2003 - ro@suse.de + +- added xinetd-config snippet + +------------------------------------------------------------------- +Wed Jan 15 12:51:34 CET 2003 - ro@suse.de + +- added logrotate config + +------------------------------------------------------------------- +Tue Oct 8 14:01:34 CEST 2002 - ro@suse.de + +- fix recursive hangup in server process on broken pipe + +------------------------------------------------------------------- +Wed Aug 14 11:15:11 CEST 2002 - poeml@suse.de + +- fix comment in init script + +------------------------------------------------------------------- +Thu Aug 1 17:33:29 CEST 2002 - ro@suse.de + +- use BuildRoot +- added PreReqs + +------------------------------------------------------------------- +Mon Jul 22 10:03:29 CEST 2002 - kukuk@suse.de + +- Don't source /etc/rc.config in init script [Bug 17123] + +------------------------------------------------------------------- +Mon Jun 17 15:15:52 CEST 2002 - ro@suse.de + +- update to 2.5.5 + setgroups patch removed, has been integrated + zfree patch removed, rsync has current zlib fixes + unsigned patch removed, has been integrated + +------------------------------------------------------------------- +Wed Mar 6 14:46:29 CET 2002 - okir@suse.de + +- applied setgroups security fix + +------------------------------------------------------------------- +Fri Feb 8 11:00:00 CET 2002 - okir@suse.de + +- applied zlib security fix + +------------------------------------------------------------------- +Wed Feb 6 14:21:19 CET 2002 - ro@suse.de + +- make rsyncd a hardlink (#13041) + +------------------------------------------------------------------- +Fri Feb 1 11:55:30 CET 2002 - ro@suse.de + +- added patch for segmentation fault + +------------------------------------------------------------------- +Mon Jan 21 17:09:58 MET 2002 - draht@suse.de + +- corrected diff for log.c + +------------------------------------------------------------------- +Mon Jan 21 00:08:25 CET 2002 - ro@suse.de + +- applied security patch for various signed/unsigned fixes + +------------------------------------------------------------------- +Fri Dec 14 01:33:54 CET 2001 - ro@suse.de + +- removed START_RSYNCD + +------------------------------------------------------------------- +Tue Aug 28 15:01:10 CEST 2001 - ro@suse.de + +- on uninstall, call insserv to cleanup + +------------------------------------------------------------------- +Tue Aug 28 13:02:35 CEST 2001 - ro@suse.de + +- added rc-script and rc-config variable START_RSYNCD + if someone wants to run rsyncd standalone (w/o inetd) (#9496) + +------------------------------------------------------------------- +Mon Sep 25 15:31:45 CEST 2000 - ro@suse.de + +- sorted + +------------------------------------------------------------------- +Wed Sep 13 13:51:34 CEST 2000 - aj@suse.de + +- Work with LFS; fix spec file to not print while building. + +------------------------------------------------------------------- +Mon Sep 11 14:24:35 CEST 2000 - ro@suse.de + +- update to 2.4.6 + +------------------------------------------------------------------- +Fri Aug 18 01:59:08 CEST 2000 - ro@suse.de + +- update to 2.4.4 + +------------------------------------------------------------------- +Thu Jan 20 14:28:39 CET 2000 - aj@suse.de + +- rsync 2.3.2, install man pages -> /usr/share/man. + +------------------------------------------------------------------- +Mon Sep 13 17:23:57 CEST 1999 - bs@suse.de + +- ran old prepare_spec on spec file to switch to new prepare_spec. + +------------------------------------------------------------------- +Fri Aug 13 15:16:27 MEST 1999 - fehr@suse.de + +- update to 2.3.1 +- added rsyncstats shell script + +------------------------------------------------------------------- +Thu Dec 17 16:21:44 MET 1998 - ro@suse.de + +- update to 2.2.1 + +------------------------------------------------------------------- +Sat Nov 28 22:02:28 MET 1998 - bs@suse.de + +- added symlink /usr/sbin/rsyncd (to let it work with tcpd) +- added example configs + +------------------------------------------------------------------- +Tue Nov 24 10:20:14 MET 1998 - ro@suse.de + +- update to 2.2.0 + +------------------------------------------------------------------- +Sat Sep 19 19:29:34 MEST 1998 - ro@suse.de + +- defined _GNU_SOURCE where getopt_long is needed + +------------------------------------------------------------------- +Mon Aug 24 12:17:19 MEST 1998 - ro@suse.de + +- update to 2.1.0 + added manpage for rsyncd.conf + +------------------------------------------------------------------- +Tue May 12 11:29:45 MEST 1998 - ro@suse.de + +- update to 1.7.4 + generate tech_report.ps from tex-src + +------------------------------------------------------------------- +Mon Nov 10 22:38:30 MET 1997 - kfr@suse.de + +- first version for S.u.S.E. (1.6.3) + diff --git a/rsync.keyring b/rsync.keyring new file mode 100644 index 0000000..cc99196 --- /dev/null +++ b/rsync.keyring @@ -0,0 +1,32 @@ +pub 1024D/4B96A8C5 2003-12-19 +uid Wayne Davison +uid Wayne Davison +sub 1024g/29C67D63 2003-12-19 + +-----BEGIN PGP PUBLIC KEY BLOCK----- +Version: GnuPG v2.0.9 (GNU/Linux) + +mQGiBD/ja2cRBACZqtQ/VnuWd2TA/T4nFitXPOF//7uterTWZVMDBrSE3tJdW1lv +90z2g2RJKktJTC3yjs82IH6wWvvFsHDPGXQRuoBr0dPYHBaVhKX85uewigHiE2M1 +1Ub8Vv1c/JDGAh1cNmCAWazghV+emamrWJWq0f0hz5eqq4LCcPwo4riUVwCg9W37 +YAR8Z4NHa6FWjrEKjl2NIMUD/iXJnp6qJFMK9Fs+2dWyL1m/mRb0h+I/cqgpkUvo +gRhL95Jttg2QQtXJWCsB3hA/L/2Iu2bV8iS1aRlZQsAWogA3/m56ROs8cIyN4ouj +1dpPoG7sKGA8BTvXxuSF9l6ngx7208iX+xiQCDeGfBtBFBy70iJxTFGzp2mP3IiP +pwWtBACJ6l8UPwSRmp0Hz/N6H4RkzqGQnvYsMba/uPkRYou/14JsEGCQqjSB99UX +hsPg9wubCEpo3YFTf1p1j3OlbOhiiMkRFwyYaT1fqGjQK0w8hQ1yXHxbXffnz6e3 +gKELz7fNQxS0L/tZkNOT7uyGuwnPsUDCBAzDPMwYVIFRo+MKZLQgV2F5bmUgRGF2 +aXNvbiA8d2F5bmVkQHNhbWJhLm9yZz6IWwQTEQIAGwUCP+NrZwYLCQgHAwIDFQID +AxYCAQIeAQIXgAAKCRBshZ+xS5aoxbKaAJ98/UHW+BAmnsWCvCXYw5xAvjKQuwCg +7rJUYSl3xpb6YmIaBbyyw5QTKiC0LFdheW5lIERhdmlzb24gPHdheW5lZEB1c2Vy +cy5zb3VyY2Vmb3JnZS5uZXQ+iF4EExECAB4FAkFgW4ACGwMGCwkIBwMCAxUCAwMW +AgECHgECF4AACgkQbIWfsUuWqMXxFQCg9Dgb5SnWZroPGl25DL2OYFHdqV4An0N2 +QQj0mVi18JgadtS4xv7yNiDauQENBD/ja3EQBADkZadXo4zP2P9XjCP9jCel2hIp +E/khYifgu8sLYQ3VOaVM6iczw71a+iM3C44CddioGNv0svJ/cEttbtAE5zZIfqm0 +Rd/CYR+kqOkUydss736olRh+4lXLi9dAzDwHoEmlO+i95V6bDdSCAF9+XLhpfUY/ +xtgistlUGTd+wyeQMwADBQP9HXUGOcR18VJsQtFOmXaXv9MSKZYMjCf9R5Z7gcPF +PSIWINyUvMEgnLIrUKJ7pgoA6cLDnYm/lBVP801u5C+D4s79oCnjS21wlOxA2Go0 +hxG6XpT9mwBOWk4uZUK+g8Emeu7Vi6l3XwH8fACdCIfp3wKlqH/qtkqN7Gts95TM +59uIRgQYEQIABgUCP+NrcQAKCRBshZ+xS5aoxUisAKC2tk0y7PNjh9C9vbfx3fdA +gqiD8gCgg6qjwVbeddcrA0a84BB3zXnb93A= +=0IcW +-----END PGP PUBLIC KEY BLOCK----- diff --git a/rsync.spec b/rsync.spec new file mode 100644 index 0000000..50bd30d --- /dev/null +++ b/rsync.spec @@ -0,0 +1,204 @@ +# +# spec file for package rsync +# +# Copyright (c) 2023 SUSE LLC +# +# All modifications and additions to the file contributed by third parties +# remain the property of their copyright owners, unless otherwise agreed +# upon. The license for this file, and modifications and additions to the +# file, is the same license as for the pristine package itself (unless the +# license for the pristine package is not an Open Source License, in which +# case the license is the MIT License). An "Open Source License" is a +# license that conforms to the Open Source Definition (Version 1.9) +# published by the Open Source Initiative. + +# Please submit bugfixes or comments via https://bugs.opensuse.org/ +# + + +%if 0%{?suse_version} >= 1550 +%bcond_without xxhash +%else +%bcond_with xxhash +%endif + +%if 0%{?suse_version} < 1550 +%bcond_without gcc11 +%else +%bcond_with gcc11 +%endif + +%if 0%{?suse_version} < 1600 +%bcond_without slp +%else +%bcond_with slp +%endif + +Name: rsync +Version: 3.2.7 +Release: 0 +Summary: Versatile tool for fast incremental file transfer +License: GPL-3.0-or-later +Group: Productivity/Networking/Other +URL: https://rsync.samba.org/ +Source: https://rsync.samba.org/ftp/rsync/src/rsync-%{version}.tar.gz +Source1: https://rsync.samba.org/ftp/rsync/src/rsync-patches-%{version}.tar.gz +Source2: logrotate.rsync +Source3: rsyncd.socket +Source4: rsyncd.rc +Source5: rsyncd.conf +Source6: rsyncd.secrets +Source8: rsyncd.service +Source9: rsyncd@.service +Source10: https://rsync.samba.org/ftp/rsync/src/rsync-%{version}.tar.gz.asc +Source11: https://rsync.samba.org/ftp/rsync/src/rsync-patches-%{version}.tar.gz.asc +Source12: %{name}.keyring +Source13: rsyncd +Patch0: rsync-no-libattr.patch +Patch1: rsync-fortified-strlcpy-fix.patch +BuildRequires: autoconf +BuildRequires: automake +BuildRequires: c++_compiler +BuildRequires: libacl-devel +BuildRequires: liblz4-devel +BuildRequires: libzstd-devel +BuildRequires: pkgconfig +BuildRequires: popt-devel +BuildRequires: systemd-rpm-macros +BuildRequires: zlib-devel +%if %{with xxhash} +BuildRequires: pkgconfig(libxxhash) >= 0.8.0 +%endif +%if %{with gcc11} +BuildRequires: gcc11-c++ +%endif +%if %{with slp} +BuildRequires: openslp-devel +%endif +BuildRequires: pkgconfig(openssl) +Requires(post): grep +Requires(post): sed +Recommends: logrotate + +%description +Rsync is a fast and extraordinarily versatile file copying tool. It can copy +locally, to/from another host over any remote shell, or to/from a remote rsync +daemon. It offers a large number of options that control every aspect of its +behavior and permit very flexible specification of the set of files to be +copied. It is famous for its delta-transfer algorithm, which reduces the amount +of data sent over the network by sending only the differences between the +source files and the existing files in the destination. Rsync is widely used +for backups and mirroring and as an improved copy command for everyday use. + +%prep +%setup -q -b 1 +rm -f zlib/*.h zlib/*.c + +%if %{with slp} +patch -p1 < patches/slp.diff +%endif + +%autopatch -p1 + +%build +autoreconf -fiv +%if %{with gcc11} +export CC=gcc-11 +export CXX=g++-11 +%endif +export CFLAGS="%{optflags} -fPIC -DPIC -fPIE" +export CXXFLAGS="$CFLAGS" +export LDFLAGS="-Wl,-z,relro,-z,now -fPIE -pie" +%configure \ + --with-included-popt=no \ + --with-included-zlib=no \ + --disable-debug \ +%if !%{with xxhash} + --disable-xxhash\ +%endif +%ifarch x86_64 + --enable-simd \ +%endif +%if %{with slp} + --enable-slp \ +%endif + --enable-acl-support \ + --enable-xattr-support +%make_build reconfigure +%make_build + +%check +%make_build check +chmod -x support/* + +%install +%make_install +rm -f %{buildroot}%{_sbindir}/rsyncd +install -d %{buildroot}%{_sysconfdir}/init.d +install -d %{buildroot}%{_sysconfdir}/xinetd.d +install -d %{buildroot}%{_sbindir} +install -m 755 %{SOURCE13} %{buildroot}%{_sbindir}/rsyncd +install -m 755 support/rsyncstats %{buildroot}%{_bindir} +%if 0%{?suse_version} > 1500 +install -d %{buildroot}%{_distconfdir}/logrotate.d +install -m 644 %{SOURCE2} %{buildroot}%{_distconfdir}/logrotate.d/rsync +%else +install -d %{buildroot}%{_sysconfdir}/logrotate.d +install -m 644 %{SOURCE2} %{buildroot}%{_sysconfdir}/logrotate.d/rsync +%endif +install -m 644 %{SOURCE5} %{buildroot}%{_sysconfdir}/rsyncd.conf +install -m 600 %{SOURCE6} %{buildroot}%{_sysconfdir}/rsyncd.secrets +install -D -m 0644 %{SOURCE9} %{buildroot}%{_unitdir}/rsyncd@.service +install -D -m 0644 %{SOURCE8} %{buildroot}%{_unitdir}/rsyncd.service +install -D -m 0644 %{SOURCE3} %{buildroot}%{_unitdir}/rsyncd.socket +ln -sf service %{buildroot}%{_sbindir}/rcrsyncd + +%pre +%service_add_pre rsyncd.service +%if 0%{?suse_version} > 1500 +# Prepare for migration to /usr/etc; save any old .rpmsave +for i in logrotate.d/rsync ; do + test -f %{_sysconfdir}/${i}.rpmsave && mv -v %{_sysconfdir}/${i}.rpmsave %{_sysconfdir}/${i}.rpmsave.old ||: +done +%endif + +%if 0%{?suse_version} > 1500 +%posttrans +# Migration to /usr/etc, restore just created .rpmsave +for i in logrotate.d/rsync ; do + test -f %{_sysconfdir}/${i}.rpmsave && mv -v %{_sysconfdir}/${i}.rpmsave %{_sysconfdir}/${i} ||: +done +%endif + +%preun +%service_del_preun rsyncd.service + +%post +%service_add_post rsyncd.service + +%postun +%service_del_postun rsyncd.service + +%files +%license COPYING +%doc NEWS.md README.md tech_report.tex support/ +%{_unitdir}/rsyncd@.service +%{_unitdir}/rsyncd.service +%{_unitdir}/rsyncd.socket +%config(noreplace) %{_sysconfdir}/rsyncd.conf +%config(noreplace) %{_sysconfdir}/rsyncd.secrets +%if 0%{?suse_version} > 1500 +%{_distconfdir}/logrotate.d/rsync +%else +%config(noreplace) %{_sysconfdir}/logrotate.d/rsync +%endif +%{_sbindir}/rcrsyncd +%{_sbindir}/rsyncd +%{_bindir}/rsyncstats +%{_bindir}/rsync +%{_bindir}/rsync-ssl +%{_mandir}/man1/rsync.1%{?ext_man} +%{_mandir}/man1/rsync-ssl.1%{?ext_man} +%{_mandir}/man5/rsyncd.conf.5%{?ext_man} + +%changelog diff --git a/rsyncd b/rsyncd new file mode 100644 index 0000000..52b0175 --- /dev/null +++ b/rsyncd @@ -0,0 +1,6 @@ +#!/bin/sh + +# We need this wrapper instead of a plain symlink to be able to set +# a different SELinux label on this +exec -a rsyncd /usr/bin/rsync "$@" + diff --git a/rsyncd.conf b/rsyncd.conf new file mode 100644 index 0000000..5a90f3d --- /dev/null +++ b/rsyncd.conf @@ -0,0 +1,16 @@ +gid = users +read only = true +use chroot = true +transfer logging = true +log format = %h %o %f %l %b +log file = /var/log/rsyncd.log +pid file = /var/run/rsyncd.pid +hosts allow = trusted.hosts +slp refresh = 300 +use slp = false + +#[Example] +# path = /home/Example +# comment = An Example +# auth users = user +# secrets file = /etc/rsyncd.secrets diff --git a/rsyncd.rc b/rsyncd.rc new file mode 100644 index 0000000..d7ba778 --- /dev/null +++ b/rsyncd.rc @@ -0,0 +1,137 @@ +#! /bin/sh +# Copyright (c) 1996, 1997, 1998 S.u.S.E. GmbH +# Copyright (c) 1998, 1999, 2000, 2001 SuSE GmbH +# Copyright (c) 2002 SuSE Linux AG +# +# Author: Kurt Garloff +# +# init.d/rsyncd +# +# and symbolic its link +# +# /sbin/rcrsyncd +# +# System startup script for the rsync daemon +# +### BEGIN INIT INFO +# Provides: rsync +# Required-Start: $remote_fs $syslog +# Required-Stop: $remote_fs $syslog +# Should-Start: slpd +# Should-Stop: slpd +# Default-Start: 3 5 +# Default-Stop: 0 1 2 6 +# Description: Start the rsync server daemon +# Short-Description: Start the rsync server daemon +### END INIT INFO + +RSYNCD_BIN=/usr/sbin/rsyncd +test -x $RSYNCD_BIN || exit 5 +RSYNCD_PID=/var/run/rsyncd.pid + +# Shell functions sourced from /etc/rc.status: +# rc_check check and set local and overall rc status +# rc_status check and set local and overall rc status +# rc_status -v ditto but be verbose in local rc status +# rc_status -v -r ditto and clear the local rc status +# rc_failed set local and overall rc status to failed +# rc_failed set local and overall rc status to +# rc_reset clear local rc status (overall remains) +# rc_exit exit appropriate to overall rc status +. /etc/rc.status + +# First reset status of this service +rc_reset + +# Return values acc. to LSB for all commands but status: +# 0 - success +# 1 - generic or unspecified error +# 2 - invalid or excess argument(s) +# 3 - unimplemented feature (e.g. "reload") +# 4 - insufficient privilege +# 5 - program is not installed +# 6 - program is not configured +# 7 - program is not running +# +# Note that starting an already running service, stopping +# or restarting a not-running service as well as the restart +# with force-reload (in case signalling is not supported) are +# considered a success. + +case "$1" in + start) + echo -n "Starting rsync daemon" + ## Start daemon with startproc(8). If this fails + ## the echo return value is set appropriate. + + # NOTE: startproc return 0, even if service is + # already running to match LSB spec. + startproc -p $RSYNCD_PID -t 1 $RSYNCD_BIN --daemon + + # Remember status and be verbose + rc_status -v + ;; + stop) + echo -n "Shutting down rsync daemon" + ## Stop daemon with killproc(8) and if this fails + ## set echo the echo return value. + + killproc -p $RSYNCD_PID $RSYNCD_BIN + + # Remember status and be verbose + rc_status -v + ;; + try-restart) + ## Stop the service and if this succeeds (i.e. the + ## service was running before), start it again. + ## Note: try-restart is not (yet) part of LSB (as of 0.7.5) + $0 status >/dev/null && $0 restart + + # Remember status and be quiet + rc_status + ;; + restart) + ## Stop the service and regardless of whether it was + ## running or not, start it again. + $0 stop + $0 start + + # Remember status and be quiet + rc_status + ;; + force-reload) + ## Signal the daemon to reload its config. Most daemons + ## do this on signal 1 (SIGHUP). + ## If it does not support it, restart. + + echo "Reload service rsync" + "$0" restart + rc_status -v + ;; + reload) + # rsyncd does not catch SIGHUP + echo -n "Reload service rsync" + rc_failed 3 + rc_status -v + ;; + status) + echo -n "Checking for rsync daemon: " + ## Check status with checkproc(8), if process is running + ## checkproc will return with exit status 0. + + # Status has a slightly different for the status command: + # 0 - service running + # 1 - service dead, but /var/run/ pid file exists + # 2 - service dead, but /var/lock/ lock file exists + # 3 - service not running + + # NOTE: checkproc returns LSB compliant status values. + checkproc -p $RSYNCD_PID $RSYNCD_BIN + rc_status -v + ;; + *) + echo "Usage: $0 {start|stop|status|try-restart|restart|force-reload|reload}" + exit 1 + ;; +esac +rc_exit diff --git a/rsyncd.secrets b/rsyncd.secrets new file mode 100644 index 0000000..13e7cb9 --- /dev/null +++ b/rsyncd.secrets @@ -0,0 +1 @@ +# user:passwd diff --git a/rsyncd.service b/rsyncd.service new file mode 100644 index 0000000..4c7bd65 --- /dev/null +++ b/rsyncd.service @@ -0,0 +1,22 @@ +[Unit] +Description=Start the rsync server daemon +After=network.target +ConditionPathExists=/etc/rsyncd.conf + +[Service] +ExecStart=/usr/sbin/rsyncd --daemon --no-detach +IOSchedulingClass=idle +CPUSchedulingPolicy=batch +PrivateTmp=true +# added automatically, for details please see +# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort +ProtectHostname=true +ProtectKernelTunables=true +ProtectKernelModules=true +ProtectKernelLogs=true +ProtectControlGroups=true +RestrictRealtime=true +# end of automatic additions + +[Install] +WantedBy=multi-user.target diff --git a/rsyncd.socket b/rsyncd.socket new file mode 100644 index 0000000..31b00a4 --- /dev/null +++ b/rsyncd.socket @@ -0,0 +1,10 @@ +[Unit] +Description=Rsync Server Socket +Conflicts=rsyncd.service + +[Socket] +ListenStream=873 +Accept=yes + +[Install] +WantedBy=sockets.target diff --git a/rsyncd@.service b/rsyncd@.service new file mode 100644 index 0000000..710ecd9 --- /dev/null +++ b/rsyncd@.service @@ -0,0 +1,11 @@ +[Unit] +Description=Start the rsync server daemon +After=network.target +ConditionPathExists=/etc/rsyncd.conf + +[Service] +ExecStart=/usr/sbin/rsyncd --daemon --no-detach +IOSchedulingClass=idle +CPUSchedulingPolicy=batch +PrivateTmp=true +StandardInput=socket